FORESEC Academy Security Essentials (III)

Presentation transcript:


Internet Security Technologies: Agenda
- Chapter 13: Attack Strategies and Mitigation
- Chapter 14: Firewalls and Honeypots
- Chapter 15: Vulnerability Scanning
- Chapter 16: Host-Based Intrusion Detection
- Chapter 17: Network-Based Intrusion Detection
- Chapter 18: Risk Management and Auditing

Attack Strategies and Mitigation: Chapter Outline
- Mitnick-Shimomura Attack Analysis
- Preventive Techniques
- Methods of Attack
- Chapter Summary

K. Mitnick vs. T. Shimomura
- A confidentiality, integrity and availability attack
- Reconnaissance probing to determine the trust relationship ("r utilities")
- IP spoofing to act as one side of the trust relationship
- Lack of site or system perimeter defenses to retard or defeat the attack

Two Systems, Trust Relationship
Unix, Apple computers, and Windows all have built-in trust relationship capabilities. If one party in a two-way trust relationship is compromised or spoofed, the other party is in great danger.

Enter the BadGuy (TM)
Reconnaissance is often the first phase of an attack.

Silence B with DoS
The attacker is going to pretend he is B, so B must be silenced so that it cannot signal an alarm. A SYN flood attack against B renders B unable to reply to A.

Attacker Probes for a Weakness in A's TCP Stack
Each time A is stimulated, its SYN/ACK response is predictable.

Attacker Pretends to be B
The attacker, pretending to be B, uses the predictable response to open a connection.

Make "A" Defenseless
The attacker sends the expected ACK with a fake source IP address to establish a connection.

Finish the Job
"B" (the attacker spoofing B) sends an rsh packet carrying the command 'echo + + > /.rhosts' to open A to attack. The attacker then uses 'rlogin -l root' to take over A.
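As an added example (not part of the FORESEC slides), a small Python detector that applies the chapter's network-based intrusion detection idea to constructed packet records covering the sequence above: the SYN flood that silences B, a packet with B's internal address arriving on the external interface, and an rsh connection to A claimed to be from B while B is flooded. The addresses, interface names, port and thresholds are assumptions.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0."           # assumed internal address range
A, B = "10.0.0.10", "10.0.0.20"     # assumed addresses of the trusted pair
RSH_PORT = 514                      # rsh/rcmd well-known port

@dataclass(frozen=True)
class Pkt:
    t: float      # timestamp in seconds
    iface: str    # "ext" (Internet-facing) or "int" (internal)
    src: str
    dst: str
    dport: int
    flags: str    # "S" = SYN, "A" = final ACK of the handshake

def detect(pkts, syn_threshold=8, window=5.0):
    """Walk packet records in time order and return (rule, detail) alerts for the
    three stages of the attack: SYN flood on B, spoofed internal source on the
    external link, and rsh to A from the host it trusts."""
    alerts, pending, flooded = [], {}, set()   # pending: half-open handshakes
    for p in sorted(pkts, key=lambda x: x.t):
        key = (p.src, p.dst, p.dport)
        # Anti-spoofing: an internal source arriving from outside cannot be genuine.
        if p.iface == "ext" and p.src.startswith(INTERNAL_PREFIX):
            alerts.append(("SPOOF", f"{p.src} -> {p.dst} seen on external interface"))
        if p.flags == "S":
            pending[key] = p.t
            # SYN flood: too many handshakes to one host left half-open in the window.
            backlog = sum(1 for (_, d, _), t0 in pending.items()
                          if d == p.dst and p.t - t0 <= window)
            if backlog > syn_threshold and p.dst not in flooded:
                flooded.add(p.dst)
                alerts.append(("SYN_FLOOD", f"{backlog} half-open connections to {p.dst}"))
            # Trust abuse: rsh to A "from" B is far more suspicious while B is silenced.
            if p.dport == RSH_PORT and p.dst == A and p.src == B:
                why = "while B is silenced by a SYN flood" if B in flooded else "with B not under flood"
                alerts.append(("RSH_TRUST", f"rsh {p.src} -> {p.dst} {why}"))
        elif p.flags == "A":
            pending.pop(key, None)             # handshake completed, no longer half-open
    return alerts

def sample_attack():
    """Constructed records reproducing the slide sequence (not a real capture)."""
    pkts = [Pkt(i * 0.1, "ext", f"192.0.2.{i}", B, 513, "S") for i in range(10)]  # flood B
    pkts += [Pkt(2.0, "ext", B, A, RSH_PORT, "S"),   # spoofed SYN claiming to be B
             Pkt(2.2, "ext", B, A, RSH_PORT, "A")]   # spoofed final ACK with the guessed number
    return pkts

if __name__ == "__main__":
    for rule, detail in detect(sample_attack()):
        print(rule, detail)
```

The anti-spoofing rule is the same check a perimeter filter would apply at ingress; the correlation of rsh with a concurrent flood against the claimed source is what distinguishes this attack from ordinary use of the trust relationship.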

What Common Techniques Could Have Prevented the Attack?

What Risk Management Techniques Could Have Detected the Attack?

Patching Systems
- Although not relevant to Mitnick's attack per se, still very important.
- Timely patching can often prevent the majority of attack vectors from being successfully executed.
- Patches are often available before or very soon after exploits are announced.

Disabling Unused Services

Host-based Intrusion Detection

Network-based Intrusion Detection

Network Vulnerability Scanner
Scanner warning: A trusts B; A has a potential rshell vulnerability.
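As an added example (not the slides' own scanner), a Python audit of .rhosts / hosts.equiv entries that produces the kind of warning shown above ("A trusts B"), and also flags the wildcard entry that the rsh command earlier in the chapter writes. The host names and file contents are constructed.

```python
def parse_trust_file(text):
    """Yield (host, user, negated) from .rhosts / hosts.equiv syntax: one entry per line,
    'host [user]', '#' comments, '-host' meaning deny, '+' meaning any host or any user."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        yield host.lstrip("-"), user, host.startswith("-")

def audit_trust(local_host, path, text):
    """Return scanner-style (severity, message) warnings for the trust file at `path`
    on `local_host`. /.rhosts grants root access, so its entries rate higher."""
    warnings = []
    for host, user, negated in parse_trust_file(text):
        if negated:
            continue                      # explicit denial, nothing to flag
        if user == "+":
            who = "any user"
        elif user is None:
            who = "same user name"        # for /.rhosts that is root
        else:
            who = f"user {user}"
        if host == "+":
            warnings.append(("CRITICAL", f"{local_host}:{path} trusts {who} from ANY host"))
        elif host.startswith("+@"):
            warnings.append(("HIGH", f"{local_host}:{path} trusts {who} from netgroup {host[2:]}"))
        else:
            sev = "HIGH" if path == "/.rhosts" else "MEDIUM"
            warnings.append((sev, f"{local_host} trusts {host} ({who}); potential rsh/rlogin vulnerability"))
    return warnings

# Constructed sample (not from a real host): the "+ +" line is what the attack's
# 'echo + + > /.rhosts' leaves behind; the B entry is an ordinary trust relationship.
SAMPLE_RHOSTS = """# constructed sample
+ +
B
-untrusted.example
"""

if __name__ == "__main__":
    for sev, msg in audit_trust("A", "/.rhosts", SAMPLE_RHOSTS):
        print(sev, msg)
```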

Firewalls
Many attack attempts fail to penetrate well-configured firewalls, especially if they have a "deny everything not specifically allowed" policy.