Presentation is loading. Please wait.

Presentation is loading. Please wait.

GENI, Pen Testing, & other stories

Published byNathaniel Brett Simon Modified over 6 years ago

Similar presentations

Presentation on theme: "GENI, Pen Testing, & other stories"— Presentation transcript:

1 GENI, Pen Testing, & other stories
Dr. X

2 Outline What is GENI… really? Pen testing & ethical hacking Logistics:
Bring at least one computer per team for Tuesday!! Denial of Service lab will be completed in class Download and install Wireshark: URL Or use Kali VM

3 Global Environment for Network Innovations (GENI)
 Virtual laboratory for networking and distributed systems research and education. GENI allows experimenters to: Conduct research and create new internet protocols Experiment with cybersecurity concepts Conduct wireless research Educate! Use in classes and perform cool experiments

4 Global Environment for Network Innovation (GENI)
Virtual Lab Obtain compute resources from locations around the United States; Connect compute resources using Layer 2 networks in topologies best suited to their experiments; Install custom software or even custom operating systems on these compute resources; Control how network switches in their experiment handle traffic flows; Run their own Layer 3 and above protocols by installing protocol software in their compute resources and by providing flow controllers for their switches.

5 GENI

6 Simulating Denial of Service
Real machines Small network Attack traffic Regular internet traffic You control all these!

7 What is Denial of Service?
A computer network attack that is designed to deplete resources and prevent legitimate users from accessing a site Can target small and large businesses Traffic flood, large payloads sent slowly, amplification attack Resources: Memory CPU Bandwidth

8 Computer Network Attacks
Passive: Scanning, Reconnaissance Active: Distributed Denial of Service Spoofing Man in the middle

9 Let’s run an attack… next Tuesday!
Observe how fast it is How detrimental it can be to a small network Remember: it is illegal to use any of the tools that create an attack on any machines except the lab machines!

10 Kahoot time!

11 Security as Art No hard and fast rules nor many universally accepted complete solutions No manual for implementing security through entire system Security as Art There are no hard and fast rules regulating the installation of various security mechanisms. Nor are there many universally accepted complete solutions. While there are many manuals to support individual systems, once these systems are interconnected, there is no magic user’s manual for the security of the entire system. This is especially true with the complex levels of interaction between users, policy, and technology controls.

12 Security as Science Dealing with technology designed to operate at high levels of performance Specific conditions cause virtually all actions that occur in computer systems Nearly every fault, security hole, and systems malfunction are a result of interaction of specific hardware and software If developers had sufficient time, they could resolve and eliminate faults Security as Science We are dealing with technology developed by computer scientists and engineers—technology designed to perform at rigorous levels of performance. Even with the complexity of the technology, most scientists would agree that specific scientific conditions cause virtually all actions that occur in computer systems. Almost every fault, security hole, and systems malfunction is a result of the interaction of specific hardware and software. If the developers had sufficient time, they could resolve and eliminate these faults.

13 Security as a Social Science
Social science examines the behavior of individuals interacting with systems Security begins and ends with the people that interact with the system Security administrators can greatly reduce levels of risk caused by end users, and create more acceptable and supportable security profiles Security as a Social Science There is a third view: security as a social science. Social science examines the behavior of individuals as they interact with systems, whether societal systems or in our case information systems. Security begins and ends with the people inside the organization and the people that interact with the system planned or otherwise. End users that need the very information the security personnel are trying to protect may be the weakest link in the security chain. By understanding some of the behavioral aspects of organizational science and change management, security administrators can greatly reduce the levels of risk caused by end users and create more acceptable and supportable security profiles.

14 Penetration Testing Legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure

15 Differences Between attacks and vulnerabilities?
Between pen testing and vulnerability assessment? Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

16 Black vs white hat

17 Black vs white hat Authorization Motivation Intent

18 The cycle of Pen Testing
Reconnaissance Scanning Exploitation Back doors Cover tracks… rinse, repeat

19 Reconnaissance Open Source Intelligence (OS Int)
Google is your friend – more elaborate searches than you have ever thought! Site: Filetype: Boolean logic Google hacking DB Whois Social Networks Job Ads

20 Reconnaissance exercise
Find a company you have never heard before: Charleston local startups Read the news Use the OS Int website and google to gather as much info as possible: What software or Operating System do they use? Who are the administration people: CEO, CFO, CIO etc. Where do the administration people live, what are their interests? What do they use? Who is their Internet Service provider, Domain Name Server (DNS)? Do they have any files online that they should not have?? Any other information about the technical infrastructure of the company?

21 Scanning Open ports Open services Intrusive Informative!

22 Scanning Demo By Dr. X

23 Exploitation Tools Exploits Metasploit Nessus Custom programs
Reverse Shell Elevation of privileges Password file Secret/important information Keylogger Malware: ransomware, virus, spyware

24 Tools of the trade

25 Tools Kali Programming Your brain!

26 Backdoors Vulnerable accounts Open ports & services

27 Covering your tracks Delete any files, history Command line rocks!

28 Summary GENI is awesome Pen testing is not rocket science
Learn how to exploit… in order to know how to defend!

29 Capture the Flag (CTF) Competition: to train future defenders Topics
Cryptography Steganography OS Int Network forensics Web app exploits … and more! Find information, steal password, solve a riddle Wanna play?

Download ppt "GENI, Pen Testing, & other stories"

Similar presentations

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.

Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Sam Cook April 18, 2013. Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.

Sam Cook April 18, Overview What is penetration testing? Performing a penetration test Styles of penetration testing Tools of the trade.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Information Systems Security Operations Security Domain #9.

Information Systems Security Operations Security Domain #9.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
Topic 5: Basic Security.

Topic 5: Basic Security.
Advanced Persistent Threats (APT) Sasha Browning.

Advanced Persistent Threats (APT) Sasha Browning.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
Polytechnic University Introduction1 CS 393/682: Network Security Professor Keith W. Ross.

Polytechnic University Introduction1 CS 393/682: Network Security Professor Keith W. Ross.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.

Similar presentations

Ads by Google