ECE6612 Quiz 2 -> Exam Topics (see also Q1 and Q2 Topics) Spring 2015.
Chapter 12 - Traffic Visualization: not covered.

Chapter 13 - NetSec Utilities
What do they do?
  John the Ripper (password cracking), Metasploit (exploit framework), dsniff (credential and traffic sniffing), nmap (port scanning), Tripwire (file-integrity checking), Wireshark, tcpdump, nslookup, traceroute, whois, netstat, dd
Security organizations: US-CERT (United States Computer Emergency Readiness Team), SANS, NIPC (FBI - National Infrastructure Protection Center)
What to do if a host is compromised:
  - Preserve evidence and the chain of custody (record who handled each item, when, and what was done to it).
  - Disconnect from the network, by power-off if possible. (Caveat: power-off destroys volatile evidence such as memory contents and live connections; capture those first when the situation allows.)
  - The UNIX 'dd' utility is good for making a bit-for-bit image of a hard disk. Hash the source and the image so the analysis can later be shown to have been done on an unaltered copy.

Slide Set 14 - Wireless Security
WEP is weak (its key can be recovered from captured traffic), but still better than an open network (GTother).
WPA is better, but needs a long passphrase (22+ characters).
WPA2 is best, but not completely compatible with older cards (GTwpa - available in 2010, GTwifi in 2012). Use the longest key length possible.
WPS PIN setup is broken: the 8-digit PIN has only 7 significant digits plus a checksum, and it is verified in two halves, so it can be brute-forced quickly.
Enable an "allowed list" of MAC addresses (a weak control on its own: MAC addresses are easily sniffed and spoofed).
Use higher-layer security - IPsec or HTTPS (SSL/TLS).
Use a firewall and IDS to isolate wireless access points (WAPs), just as you do for the Internet gateways.
What is a rogue WAP? What is an "Evil Twin" attack?
Authentication: RADIUS, CHAP (Challenge-Handshake Authentication Protocol).

Slide Set 15 - Hidden Data (also covered in NetSecLab Wrapup - on Tsquare)
Hidden files (on UNIX, the name starts with ".").
Startup scripts (a great place to hide a Trojan horse).
Covert channels (hide data in "ping" (ICMP) packets, SSH, port 80 (HTTP), FTP).
Steganography (hiding data in an image file) [not covered 2015].
Watch for new processes (use 'ps aux'), new files (particularly "suid" files*), and open Internet TCP and UDP ports (e.g., 'netstat -nalp' or 'sockstat -4').
* An "suid" file (chmod 4755) owned by root runs with root privileges no matter which user executes it.

Slide Set 16 - Safe Computing (also covered in NetSecLab Wrapup - on Tsquare)
Eliminate unneeded daemons, suid programs, open ports, and user accounts (to "harden" the computer).
Enforce long, mixed-character passwords.
Explain "Once root, always root" (Copeland's 2nd rule*).
  (The 1st rule is "No security without physical security.")
  (The 3rd rule is "Layers of protection and detection are needed....")
Use the host OS firewall to limit connections as much as possible (MacOS: use /etc/hosts.allow to limit the IPs allowed to ssh in, and "Little Snitch" to limit outgoing connections by application and destination IP).
Keep security patches up to date, from both OS and application vendors.
Most compromises today come from Web accesses (drive-by; no click needed).

Slide Set 17 - Shell Code
"Shellcode" is binary code that executes without being processed by a loader, so it:
1. Must make kernel system calls directly (no standard libraries).
2. Must be position-independent: relative jumps and addresses only, nothing that would need relocation by a loader.
3. Is normally hand-written in assembly with a restricted set of instructions and byte values (no symbolic labels survive in the raw bytes; no NUL bytes if the code arrives through a string copy).
The original shellcode opened a backdoor with a command shell (bash, cmd.exe, ...), hence the name. Shellcode has since been written to open an Internet connection, download and install malware (e.g., a rootkit or bot), transfer files, ...
Buffer overflow (what is it, what does it do) [gets(buf)]: 1) it can change data, 2) it can redirect the program counter to execute shellcode.
How to prevent a buffer overflow [use fgets(buf, n, stdin) instead of gets(); fgets stores at most n-1 bytes and always NUL-terminates].
What is a "sled" (NOP sled)? Why should the OS randomize stack memory addresses (ASLR)? What is "polymorphic" code?
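The first effect of a buffer overflow listed above (changing data) beside the fix, as an added example that is not part of the course slides. The login form, the field layout and the payload are constructed for the demo; gets() itself is avoided because modern C libraries no longer declare it, so an unbounded copy with the same stop-only-at-NUL behaviour stands in for it. The second effect (redirecting the program counter) is the same write past the end of the buffer, just far enough up the stack to reach the saved return address.

```c
/* Added example (not from the slides): unbounded copy overflowing into an
 * adjacent field, versus a bounded copy with fgets(buf, n, stdin) semantics. */
#include <stdio.h>
#include <string.h>

/* Layout the attack relies on: `name` is followed in memory by `is_admin`,
 * just as a local array is followed by other locals and, further up, by the
 * saved return address. `sink` only absorbs the payload's terminating NUL. */
struct login_form {
    char name[8];
    int  is_admin;
    char sink[4];
};

/* Same behaviour as gets()/strcpy(): stops at the NUL byte, never at the
 * destination's size. noinline (GCC/Clang) keeps the compiler from seeing
 * the destination size and replacing the loop with a checked copy. */
__attribute__((noinline))
static void copy_unbounded(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* fgets(buf, n, stdin)-style copy: at most n-1 bytes are stored and the
 * result is always NUL-terminated; longer input is truncated, which is the
 * safe failure mode. */
static void copy_bounded(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return;
    size_t i = 0;
    for (; i < n - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
}

/* Vulnerable: copies untrusted input into an 8-byte field without a bound
 * and returns the is_admin flag that sits right behind it. */
int vuln_login(const char *input)
{
    struct login_form f = { "", 0, "" };
    copy_unbounded(f.name, input);
    return f.is_admin;
}

/* Fixed: identical logic with the bounded copy. */
int safe_login(const char *input)
{
    struct login_form f = { "", 0, "" };
    copy_bounded(f.name, sizeof f.name, input);
    return f.is_admin;
}

/* Constructed payload: 8 bytes fill `name`, the next 4 land on `is_admin`
 * (0x01010101 regardless of endianness), the NUL terminator lands in `sink`. */
const char *OVERFLOW_PAYLOAD = "AAAAAAAA\x01\x01\x01\x01";

int main(void)
{
    printf("unbounded copy: is_admin = %d\n", vuln_login(OVERFLOW_PAYLOAD));
    printf("bounded copy:   is_admin = %d\n", safe_login(OVERFLOW_PAYLOAD));
    return 0;
}
```

A stack canary would not catch this case: the overflow stays inside the frame and never reaches the canary, which is why bounded input handling is needed in addition to compiler mitigations.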

Current Affairs
Spear phishing - used for government-level and GT attacks.
Botnets - used by organized crime for spam (fake drugs, stock pumping, phishing to steal identity info, links to Web sites with exploits). Newer botnets are distinguished by their use of P2P networking for command and control.
Dynamic DNS (fast-flux DNS) - used to point the hacker's URL at a constantly changing set of IP addresses.
Modified DNS server IP - the victim's configured resolver is replaced by a rogue one, which sometimes misdirects URLs.
DNS cache poisoning - the attacker queries the target resolver for a name and floods it with forged responses to its own query, so that the resolver caches the attacker's answer.
Adware and spyware - nuisance software that pops up ads and reports Web usage, but could report more sensitive info.
Insider attacks - unauthorized access to steal government or corporate data, forge records, cover up embezzlement.
There will be questions on something from each of the 3 talks, and from the "Data Brokers" and "Hacking America" documentaries.
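The cache-poisoning race above, as an added example that is not part of the course slides: the acceptance test a caching resolver applies to a reply, and a blind attacker spraying forged replies at the resolver's own query. The structures, names and addresses are constructed for the demo (example.com, bank.com and the 192.0.2.x / 203.0.113.x addresses are reserved documentation values); real DNS wire format is not parsed. It goes one step beyond the slide by showing why a fixed source port made the attack practical and why the bailiwick rule matters.

```c
/* Added example (not from the slides): what a resolver checks before caching
 * a reply, and what a forged reply therefore has to get right. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct dns_query {
    uint16_t txid;      /* 16-bit transaction id chosen by the resolver */
    uint16_t src_port;  /* UDP source port the query was sent from */
    char     qname[64]; /* name asked for, e.g. "www.example.com" */
    char     zone[64];  /* zone the queried server is authoritative for */
};

struct dns_reply {
    uint16_t txid;
    uint16_t dst_port;
    char     owner[64]; /* name the supplied record is for */
    char     rdata[16]; /* IPv4 address as text */
};

/* Bailiwick rule: a reply may only supply records for names inside the zone
 * that was asked about. Without it, a reply to a query for x.attacker.com
 * could carry (and the resolver would cache) a record for www.bank.com. */
bool in_bailiwick(const char *owner, const char *zone)
{
    size_t lo = strlen(owner), lz = strlen(zone);
    if (lo < lz)
        return false;
    const char *tail = owner + (lo - lz);
    if (strcasecmp(tail, zone) != 0)
        return false;
    return lo == lz || tail[-1] == '.';   /* label boundary, not "notexample.com" */
}

/* True when a caching resolver would accept `r` as the answer to `q`.
 * The txid and port are the only secrets an attacker who cannot sniff the
 * query has to guess; the bailiwick check limits what a lucky guess buys. */
bool accept_reply(const struct dns_query *q, const struct dns_reply *r)
{
    return r->txid == q->txid
        && r->dst_port == q->src_port
        && in_bailiwick(r->owner, q->zone);
}

/* Blind poisoning: the attacker triggered the query (so it knows the name
 * and zone), guesses the port, and sprays `attempts` forged replies with
 * sequential txids pointing `owner` at an attacker address. Returns how many
 * of the forgeries the resolver accepted. */
int blind_poison(const struct dns_query *q, const char *owner,
                 uint16_t guessed_port, int attempts)
{
    int accepted = 0;
    struct dns_reply r;
    memset(&r, 0, sizeof r);
    r.dst_port = guessed_port;
    strncpy(r.owner, owner, sizeof r.owner - 1);
    strncpy(r.rdata, "203.0.113.66", sizeof r.rdata - 1);
    for (int i = 0; i < attempts; i++) {
        r.txid = (uint16_t)i;
        if (accept_reply(q, &r))
            accepted++;
    }
    return accepted;
}

int main(void)
{
    struct dns_query q = { 0x4a3f, 53, "www.example.com", "example.com" };
    struct dns_reply good = { 0x4a3f, 53, "www.example.com", "192.0.2.10" };
    printf("legitimate reply accepted: %s\n", accept_reply(&q, &good) ? "yes" : "no");
    /* Old resolvers sent every query from port 53: 65536 guesses cover it. */
    printf("fixed port 53, 65536 forged txids: %d accepted\n",
           blind_poison(&q, "www.example.com", 53, 65536));
    /* Randomized source port: the same spray now also has to guess the port. */
    q.src_port = 40391;
    printf("random source port, same spray: %d accepted\n",
           blind_poison(&q, "www.example.com", 53, 65536));
    /* Even a matching txid/port cannot plant a record outside the zone. */
    q.src_port = 53;
    printf("out-of-bailiwick www.bank.com: %d accepted\n",
           blind_poison(&q, "www.bank.com", 53, 65536));
    return 0;
}
```

Port randomization turns a 16-bit guess into roughly a 32-bit one, and DNSSEC removes the guessing game entirely by making forged answers fail validation; both are the mitigations a resolver operator should have on.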

HW - What was learned from the homework problems?
Outside Reading
  Advanced Persistent Threat - who's doing it, and why.
  MacAttack.
  UDP-based Amplification Attack.
  Target - what went wrong (discussed in class).

Terms to Know
Malware - any malicious software.
RAT - Remote Administration Tool (remote control of a host).
Hack-back - reverse hacking of the attacker; usually illegal (many attacking hosts are themselves compromised, so the damage hurts innocents).
Exploit code - can be in Microsoft Office documents, HTML mail or Web pages, database files, image files, data input (SQL injection, buffer overflow), text files (shellcode, .bat files).
Rootkit - installs special versions of OS utilities that hide the presence of an intruder (files, processes, sockets, accounts).

Three Basic Rules
1. Without physical security, there is no security.
2. Once "root", always "root" (or "admin").
3. Multiple layers of prevention and monitoring are necessary (to achieve the optimum degree of protection for a given budget). Complete prevention is impossible.
Many layers in the following three categories: Protection, Detection, Reaction.