Last revised 1-17-15. A.A. Degree CNIT 120: Network Security Fundamentals of Network Security Preparation for Security+ Certification Essential for.

Slides:

Advertisements

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

Advertisements

1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.

Black, White, Grey Hat Hackers Not all hackers are bad…which one’s which?

Security and Personnel

Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Computer Security and Penetration Testing

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Security, Privacy, and Ethics Online Computer Crimes.

Hands-On Ethical Hacking and Network Defense

Handling Security Incidents

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.

Security Certification

PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

ETHICAL HACKING ETHICAL HACKING A LICENCE TO HACK Submitted By: Usha Kalkal M.Tech(1 st Sem) Information technology.

Chapter 1 Ethical Hacking Overview. Hands-On Ethical Hacking and Network Defense2  Describe the role of an ethical hacker  Describe what you can do.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Computer Security Fundamentals Chuck Easttom Chapter 1 Introduction to to Computer Security.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

IT security By Tilly Gerlack.

Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.

Chapter 1 Ethical Hacking Overview. Objectives After reading this chapter and completing the exercises, you will be able to: Describe the role of an ethical.

Ethical Hacking and Network Defense NCTT Winter Workshop January 11, 2006.

The Security Circus.

Ethical Hacking Han Li  Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking.

Topic 5: Basic Security.

Ethical Hacking: Hacking GMail. Teaching Hacking.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Scott Charney Cybercrime and Risk Management PwC.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Presents Ethical Hacking For Inplant Training / Internship, please download the "Inplant training registration form" from our website.

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

E NGINEERING STUDIES IN T ELECOMMUNICATIONS S ECURITY School of Communication Engineering.

Ethical Hacking: Defeating Logon Passwords. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

The Security Circus MPICT Summer Conference, June, 2011.

Presents Ethical Hacking 1 For Inplant Training / Internship, please download the "Inplant training registration form" from our.

Web Security Introduction to Ethical Hacking, Ethics, and Legality.

Chapter 1 Ethical Hacking Overview. Hands-On Ethical Hacking and Network Defense2  Describe the role of an ethical hacker  Describe what you can do.

1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.

Ethical Hacking and Network Defense. Contact Information Sam Bowne Sam Bowne Website: samsclass.info Website:

General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.

Job offer IT Infrastructure Specialist We are currently looking for an IT infrastructure specialist in order to respond to one key-account customer demand.

Computer & Info Security Instructor: David Wilkeson, CISSP Class Website: Grades.

CITA 352 Chapter 1 Ethical Hacking Overview. Introduction to Ethical Hacking Ethical hackers –Hired by companies to perform penetration tests Penetration.

HACKING Submitted By: Ch. Leela Sasi, I M.C.A, Y11MC29011, CJJC P.G College.

Seminar On Ethical Hacking Submitted To: Submitted By:

Instructor Materials Chapter 13: The IT Professional

Cyber Security Policy Analysts

Associate Degree in Cyber security

Lesson Objectives Aims You should be able to:

The Art of Deception.

Social Engineering No class today! Dr. X.

Hands-On Ethical Hacking and Network Defense

Presentation transcript:

Last revised

A.A. Degree

CNIT 120: Network Security Fundamentals of Network Security Preparation for Security+ Certification Essential for any Information Technology professional

CNIT 40: DNS Security  Configure and defend DNS infrastructure

CNIT 121: Computer Forensics  Analyze computers for evidence of crimes  Recover lost data

CNIT 122: Firewalls  Defend networks

Two Hacking Classes Perform real cyberattacks and block them CNIT 123: Ethical Hacking and Network Defense CNIT 124: Advanced Ethical Hacking 9

Supplemental Materials Projects from recent research Students get extra credit by attending conferences 10

Certified Ethical Hacker  CNIT 123 and 124 help prepare students for CEH Certification 11

CNIT 125: Information Security Professional  CISSP – the most respected certificate in information security

CNIT 126: Practical Malware Analysis  Incident response after intrusion

CNIT 127: Exploit Development To be offered in Fall 2015  Turning crashes into remote code execution  Buffer overflows  Return-to-libc  Return Oriented Programming

CNIT 128: Hacking Mobile Devices First offered in Spring 2015  Rooting and jailbreaking  Android security model  Locking, remote location, and remote wipe  Mobile payment, including Google Wallet

 Student-run  Not insanely difficult  Fri, Sep 19 - Sun, Sep 21  Online

 NATIONAL CYBER LEAGUE  Register by Sep. 20  Game happens Sep 27 – Oct 4

 First Tues. every month  Free ad Microsoft, downtown San Francisco  Free Pizza

 Sat Oct 11 & Sun Oct 12, 2014  Foothill College  Developers, not focused on security

Wardriving  Thu, Nov 20  6 PM SCIE 200

 Security talks, lockpicking, contests, etc.  Fri, Dec 5 & Sat, Dec 6  Mt. View  Cost: approx. $35

Chapter 1 Ethical Hacking Overview Last modified

Hands-On Ethical Hacking and Network Defense 25  Describe the role of an ethical hacker  Describe what you can do legally as an ethical hacker  Describe what you cannot do as an ethical hacker

Hands-On Ethical Hacking and Network Defense 27  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings, does not solve problems  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network

Hands-On Ethical Hacking and Network Defense 28  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission

Hands-On Ethical Hacking and Network Defense 29  Script kiddies or packet monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Experienced penetration testers write programs or scripts using these languages  Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others  Script  Set of instructions that runs in sequence

 This class alone won’t make you a hacker, or an expert  It might make you a script kiddie  It usually takes years of study and experience to earn respect in the hacker community  It’s a hobby, a lifestyle, and an attitude  A drive to figure out how things work Hands-On Ethical Hacking and Network Defense 30

Hands-On Ethical Hacking and Network Defense 31  Tiger box  Collection of OSs and hacking tools  Usually on a laptop  Helps penetration testers and security testers conduct vulnerabilities assessments and attacks

Hands-On Ethical Hacking and Network Defense 32  White box model  Tester is told everything about the network topology and technology  Network diagram  Tester is authorized to interview IT personnel and company employees  Makes tester’s job a little easier

 From ratemynetworkdiagram.com (Link Ch 1g) Hands-On Ethical Hacking and Network Defense 33

Hands-On Ethical Hacking and Network Defense 34

Hands-On Ethical Hacking and Network Defense 35  Black box model  Company staff does not know about the test  Tester is not given details about the network ▪ Burden is on the tester to find these details  Tests if security personnel are able to detect an attack

Hands-On Ethical Hacking and Network Defense 36  Gray box model  Hybrid of the white and black box models  Company gives tester partial information

Hands-On Ethical Hacking and Network Defense 38  Basics:  CompTIA Security+ (CNIT 120)  Network+ (CNIT 106 or 201)

39  CNIT 123: Ethical Hacking and Network Defense  CNIT 124: Advanced Ethical Hacking

40  Designated by the Institute for Security and Open Methodologies (ISECOM)  Uses the Open Source Security Testing Methodology Manual (OSSTMM)  Test is only offered in Connecticut and outside the USA, as far as I can tell ▪ See links Ch 1f and Ch 1h on my Web page

41  Issued by the International Information Systems Security Certifications Consortium (ISC 2 )  Usually more concerned with policies and procedures than technical details  CNIT 125: Information Security Professional Practices  Web site:

Hands-On Ethical Hacking and Network Defense 42  SysAdmin, Audit, Network, Security (SANS)  Offers certifications through Global Information Assurance Certification (GIAC)  Top 20 list  One of the most popular SANS Institute documents  Details the most common network exploits  Suggests ways of correcting vulnerabilities  Web site  (links Ch 1i & Ch 1j)

Hands-On Ethical Hacking and Network Defense 44  Laws involving technology change as rapidly as technology itself  Find what is legal for you locally  Laws change from place to place  Be aware of what is allowed and what is not allowed

Hands-On Ethical Hacking and Network Defense 45  Tools on your computer might be illegal to possess  Contact local law enforcement agencies before installing hacking tools  Written words are open to interpretation  Governments are getting more serious about punishment for cybercrimes

Hands-On Ethical Hacking and Network Defense 46  Some states deem it legal  Not always the case  Federal Government does not see it as a violation  Allows each state to address it separately  Read your ISP’s “Acceptable Use Policy”  IRC “bots” may be forbidden  Program that sends automatic responses to users  Gives the appearance of a person being present

Hands-On Ethical Hacking and Network Defense 47 (link Ch 1k)

Hands-On Ethical Hacking and Network Defense 48  Federal computer crime laws are getting more specific  Cover cybercrimes and intellectual property issues  Computer Hacking and Intellectual Property (CHIP)  New government branch to address cybercrimes and intellectual property issues

Hands-On Ethical Hacking and Network Defense 49

Hands-On Ethical Hacking and Network Defense 50  Accessing a computer without permission is illegal  Other illegal actions  Installing worms or viruses  Denial of Service attacks  Denying users access to network resources  Be careful your actions do not prevent customers from doing their jobs

Hands-On Ethical Hacking and Network Defense 51  Using a contract is just good business  Contracts may be useful in court  Books on working as an independent contractor  The Computer Consultant’s Guide by Janet Ruhl  Getting Started in Computer Consulting by Peter Meyer  Internet can also be a useful resource  Have an attorney read over your contract before sending or signing it

Hands-On Ethical Hacking and Network Defense 52  What it takes to be a security tester  Knowledge of network and computer technology  Ability to communicate with management and IT personnel  Understanding of the laws  Ability to use necessary tools

Fake Antimalware Software  See Link Ch 1m

Anonymous

Social Engineering & SQLi 

Leaked HB Gary s  For Bank of America Discredit Wikileaks Intimidate Journalist Glenn Greenwald  For the Chamber of Commerce Discredit the watchdog group US Chamber Watch Using fake social media accounts  For the US Air Force  Spread propaganda with fake accounts 

Drupal Exploit

OpBART  Dumped thousands of commuter's s and passwords on the Web  Defaced MyBart.org ts%20Californias%20Infamous%20BART%20Hurt s%20Citizens%20in%20the%20Process/article htm

LulzSec  The "skilled" group of Anons who hacked US SenateAZ Police Pron.comBooz Hamilton SonyNATO InfragardThe Sun PBSFox News H B Gary FederalGame websites

Ryan Cleary  Arrested June 21, 2011  Accused of DDoSing the UK’s Serious Organised Crime Agency Link Ch 1v

T-Flow Arrested July 19, 2011  Link Ch 1u

Topiary (Jake Davis)  Arrested on  Sentenced to 2 years, served 37 days in prison  He's back on  Links Ch 1s, 1t

 Link Ch 1v

Stay Out of Anonymous  Link Ch 1w