Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Operations Chapter 11 Part 3 Pages 1279 to 1309.

Published byFlorence Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Operations Chapter 11 Part 3 Pages 1279 to 1309."— Presentation transcript:

1 Security Operations Chapter 11 Part 3 Pages 1279 to 1309

2 E-Mail Security Security, authenticity and integrity were not considered. Easy to spoof From: Phishing

3 E-Mail Security PGP – http://www.symantec.com/encryption/ http://www.symantec.com/encryption/ – http://www.gpg4win.org/ http://www.gpg4win.org/ – Uses Public Key Encryption S/MIME – Public Key PKI

4 E-Mail Relaying Public mail server in DMZ Mail servers use a relay agent to send a message from one mail server to another. If not properly configured, can be used to send spam. A company’s email server should only accept email destined for its domain and should not forward messages to other mail servers and domains.

5 E-Mail Employ antivirus and content filter both on incoming and outgoing email.

6 Fax Security Fax can sit in a bin until the recipient picks it up. Pass between computer and fax device Fax encrypter – encrypts all fax data

7 Tools Hackers (Black Hats) – find vulnerabilities to exploit Penetration Testers (White Hats) – test for vulnerabilities to be fixed Sophisticated tools have become easier to use with GUI interfaces by script kiddies

8 DDoS Attack Figure 11-8 on page 1287

9 Scanners Operating system fingerprinting Open ports Server software version Vulnerability scanners use a database of vulnerabilities – Nessus

10 Browsing Forced browsing for files Google hacking to locate documents Shoulder surfing Dumpster diving

11 Network Sniffers Wireshark Put NIC into promiscuous mode “Sniffers are becoming less successful because of the move to switched environment.” SSH instead of telnet

12 Session hijacking Attacker temporarily takes David off the network and responds to Kristy Figure 11-10 on page 1292

13 Password Cracking John the Ripper L0phtcrack Dictionary and brute force Longer passwords with variety of character sets.

14 Backdoors Installed by Trojan Horse Many antiviruses and IDSs look for signatures and behavior patterns

15 Attacks List on pages 1293-4 Some are dates so you need continuing education.

16 Vulnerability Testing Manual or automated Scope of the test must be agreed upon. Could knock a server offline. Personnel Testing Physical Testing System and network testing

17 Penetration Testing Testing the network and its systems by attacking it. Five Step Process – page 1300 Types – page 1300 Figure page 1301 Georgia Weidman, “Penetration Testing”

Download ppt "Security Operations Chapter 11 Part 3 Pages 1279 to 1309."

Similar presentations

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Forces that Have Brought the world to it’s knees over the centuries.

Forces that Have Brought the world to it’s knees over the centuries.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare.

Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.

Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 

11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Similar presentations

Ads by Google