Topic 5: Communication and the Internet

Slides:



Advertisements
Similar presentations
Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?
Advertisements

Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.
Prepared by: Nahed Al-Salah
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
INTRODUCTION. The security system is used as in various fields, particularly the internet, communications data storage, identification and authentication.
Ethical Hacking and Network Defense NCTT Winter Workshop January 11, 2006.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
Topic 5: Basic Security.
Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.
Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.
Chapter 1 Ethical Hacking Overview. Hands-On Ethical Hacking and Network Defense2  Describe the role of an ethical hacker  Describe what you can do.
Role Of Network IDS in Network Perimeter Defense.
Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.
Ethical Hacking and Network Defense. Contact Information Sam Bowne Sam Bowne Website: samsclass.info Website:
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
By Collin Donaldson Man in the Middle Attack: Password Sniffing and Cracking.
General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.
CITA 352 Chapter 1 Ethical Hacking Overview. Introduction to Ethical Hacking Ethical hackers –Hired by companies to perform penetration tests Penetration.
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
HACKING Submitted By: Ch. Leela Sasi, I M.C.A, Y11MC29011, CJJC P.G College.
Cyber security. Malicious Code Social Engineering Detect and prevent.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Here // This is the presentation about to describe categories of Hackers. //In this session you will learn aims, identity and purposes of hackers >>> Enter.
P1, P2 & P3 Unit 8 Alex Speer.
Chapter 40 Internet Security.
Network security Vlasov Illia
Common Methods Used to Commit Computer Crimes
The Linux Operating System
Systems Security Keywords Protecting Systems
Secure Software Confidentiality Integrity Data Security Authentication
Overview 1. Phishing Scams
Wireless Network Security
Lesson Objectives Aims You should be able to:
^ About the.
Introduction to Computers
Introduction to Networking
Introducing To Networking
Introduction to Networking
Year 10 ICT ECDL/ICDL IT Security.
Teaching Computing to GCSE
Client-Server Computing
Client-Server Computing
Chapter 3: Windows7 Part 4.
Security in Networking
Computer Security Elaine Munn Introduction to Computer Security.
Unit 1.6 Systems security Lesson 3
Packet Sniffing.
Topic 5: Communication and the Internet
Topic 5: Communication and the Internet
Application layer Lecture 7.
Home Internet Vulnerabilities
Fundamentals of Databases
Web Servers / Deployment
Topic 5: Communication and the Internet
Network hardening Chapter 14.
LO3 – Understand Business IT Systems
Ethical Hacking ‘Ethical hacking’ is the branch of computer science that involves cybersecurity and preventing cyberattacks. Ethical hackers are not malicious.
WJEC GCSE Computer Science
Unit 32 Every class minute counts! 2 assignments 3 tasks/assignment
Lesson 2- Protecting Yourself Online
Week 7 - Wednesday CS363.
IP Addresses & Ports IP Addresses – identify a device on a network
Presentation transcript:

Topic 5: Communication and the Internet Identifying Vulnerabilities

Identifying Vulnerabilities We’ve looked at the different vulnerabilities we could come across in a network Physical, digital, and social However, even if a vulnerability is present, how can hackers work out the vulnerability is there? There exists a lot of tools available on the Internet for testing for vulnerabilities Communication and the Internet: Identifying Vulnerabilities

Identifying Vulnerabilities These tools aren’t just used by hackers though A lot of system administrators will actually use these tools on their own networks To test to see if they are fully secure There are also ethical hackers (known as white hat hackers, or white-hats) who perform these tests on networks of organisations And well send a report to the organisation Communication and the Internet: Identifying Vulnerabilities

Identifying Vulnerabilities We are going to look at four different ways we can identify vulnerabilities on a network They each tackle the aspect of finding vulnerabilities in different ways Some technically (penetration testing) And some socially (policy reviews) Penetration Testing Ethical Hacking Commercial Analysis Tools Network/User Policy Reviews Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Penetration Testing A penetration test (also known as a pen test) is a test employed by an individual or organisation It’s used to assess the level of security on their devices and networks Also includes things like websites and FTP servers Only if they host those on their network The test involves simulating a full-on attack by someone looking for vulnerabilities and exploits on that network Those vulnerabilities and exploits may let the hacker access some aspects of the network Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Penetration Testing Note that this is just simulating an attack from a hacker This is not an actual attack These tests are either set up by the administrator of the network their testing Or contracted out to a company to perform the test The results of the test are entirely informational Given to the administrators of the network so they can implement more security To protect against the vulnerabilities/exploits found during the test Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Penetration Testing The person performing the penetration test will often used specialised tools to do so We will look at those later on in the Commercial Analysis Tools section What is important is pen-tests often come in two types White-box tests and Black-box tests Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Penetration Testing White-box tests involve providing the tester with all relevant information about the network This could include, but isn’t limited to The type of network being used (i.e. physically cabled or wireless) The devices on the network (operating systems, hardware specs, etc.) Any hosted servers on the network (HTTP, FTP, etc.) Any database tables This kind of test simulates a malicious attacker gaining inside information on the system And using it to exploit any potential vulnerabilities Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Penetration Testing Block-box tests are very much the opposite of white-box tests With these, the tester is given no information at all on the type of network they are testing The testers here start with simple tests and work up to more specific tests As they find more and more vulnerabilities Communication and the Internet: Identifying Vulnerabilities

Commercial Analysis Tools So what kind of tools do these testers have access to? There are a lot of tools available on the World Wide Web that cater to pen-testers Some free, but most paid for The pen-testers themselves may also create their own tools for the job A common occurrence for contracted pen-testers Communication and the Internet: Identifying Vulnerabilities

Commercial Analysis Tools Tools for penetration testing are often split into categories For what they are aimed at For example, we can get tools that assist in the following Analysing HTTP requests coming/going from a network Examining a network for any available and open ports Injecting a payload (pre-written executable programs) into a device on a network Identifying SQL databases on a network, and testing their input verification for SQL Injection Fully mapping a network (including listing all devices found on a network and showing their IP addresses) Sending phishing attacks on any WiFi connected device (with the aim of retrieving SSID and password information on that network) Communication and the Internet: Identifying Vulnerabilities

Commercial Analysis Tools One fairly common tool for analysing TCP/IP traffic is Wireshark It lets you hook onto a network-enabled device and eavesdrop on any TCP traffic that it sends or receives This is best used when the user has access to one of the devices on the network Can use Wireshark to listen to TCP traffic on that device Can then get that device to talk to any servers on that network That gives the tester information about those servers Communication and the Internet: Identifying Vulnerabilities

Commercial Analysis Tools Wireshark comes with both command line tools and a GUI The list at the top is every TCP communication the device has managed Includes both outbound and inbound requests The other two panels give information about that communication Communication and the Internet: Identifying Vulnerabilities

Commercial Analysis Tools Another common tools is Metasploit Can be used for listening to traffic coming in/going out of a network However, it’s more widely used for its ability to inject payloads onto a device on a network Where the payload is a program or function the device will run Once a vulnerability has been found on a network, testers use Metasploit to inject some executable code on the device Which then opens up more vulnerabilities to exploit Communication and the Internet: Identifying Vulnerabilities

Commercial Analysis Tools Metasploit works via a HTTP server (accessed from a webpage). This is a screenshot of the network-mapping command run. This is only one part of what Metasploit can di. Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Ethical Hacking Although hacking itself has a negative connotation behind it (as networks are being exploited after all), not all hackers are like that In fact, there are three common terms for three different types of hacker Black-Hats: what we commonly understand as a ‘hacker’ Also known as crackers Will test networks/software for vulnerabilities and exploit them Often trying to get sensitive information for personal gain White-Hats: the official/unofficial testers of vulnerabilities Will perform pen-tests (after permission is given) Help organisations keep their networks secure Grey-Hats: a little mix of both May perform pen-test without permission But can give the results to the organisation Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Ethical Hacking There is one really important thing to note about hacking any computer system or network Without prior permission, it is illegal to exploit a vulnerability on a computer network and obtain private information This is covered in the Computer Misuse Act 1990 Legislation that was introduced in the UK parliament In response to a criminal case against Robert Schrifteen involving hacking Prince Phillip’s email So all white-hat hackers are entirely legal As they obtain permission from the network administrator beforehand Communication and the Internet: Identifying Vulnerabilities

Communication and the Internet: Identifying Vulnerabilities Ethical Hacking The simplest guide to hacking ethically is to stick to the white-hat ways Always ask for permission from the network administrator beforehand Log any and all tests that you perform Do not copy or retrieve any sensitive or private information stored on the network Report all findings to the network administrator after the test is complete The EC Council (The International Council of Electronic Commerce Consultants) started a scheme which lets user apply for a certified White Hat status Found at https://www.eccouncil.org/programs/certified- ethical-hacker-ceh/ Communication and the Internet: Identifying Vulnerabilities

Network/User Policy Reviews On almost all networks, network administrators will write a policy Applies to all users on that network Policies are simple a list of dos and don’ts of what users can do on that network For example, policies on a network could specify That no USB devices be plugged in to any device on the network Users should not provide their password to anyone at any time Users should not download any file from the Internet onto their device And so on… Communication and the Internet: Identifying Vulnerabilities

Network/User Policy Reviews If someone is performing a white-box pen-test, these list of policies is actually an important thing to consider Although humans do tend to make mistakes, if something is listed in a policy then the tester can consider that as an avenue to avoid If no USBs are allowed, then the pen-tester can either forget about testing with a malicious USB drive, or perform that test later as a lower priority However, the inverse is also true If something isn’t listed in the policies, then it’s fair game for the tester Communication and the Internet: Identifying Vulnerabilities

Network/User Policy Reviews In fact, not having something listed in the policies is often a bad thing As most policies have some legal wait to them within the company So if a pen-tester spots a vulnerability not listed in the policies, they’ll often make a recommendation of including it Such is the case with not using USB devices on any device on the network As USB devices aren’t something you can stop (either physically or virtually) Including an objection to them in the policy covers the company legally If a fault happens with the USB device being the case, they have legal basis for any action they commit to Communication and the Internet: Identifying Vulnerabilities

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.