ECE6612 Quiz 2 -> Exam Topics (see also Q1 and Q2 Topics) Spring 2015.


Slide 2. Chapter 12 - Traffic Visualization
Not covered.

Slide 3. Chapter 13 - NetSec Utilities
What do they do?
- John the Ripper
- Metasploit
- dsniff
- nmap
- Tripwire
- Wireshark, tcpdump, nslookup, traceroute, whois, netstat, dd
Security Organizations:
- US-CERT (U.S. Computer Emergency Response Team)
- SANS
- NIPC (FBI - Nat. Infrastructure Protection Center)
What to do if a host is compromised:
- Evidence: preserve the chain of custody.
- Disconnect from the network, by power-off if possible.
- The UNIX 'dd' utility is good for making an image of a hard disk.

Slide 4. Slide Set 14 - Wireless Security
- WEP is weak security, but far better than nothing (GTother).
- WPA is better, but needs long passphrases (22 characters).
- WPA2 is best, but not completely compatible with older cards (GTwpa - available in 2010, GTwifi in 2012).
- Use the longest key length possible.
- WPS 7-digit install is broken.
- Enable use of an "allowed list" of MAC addresses.
- Use higher-layer security: IPsec or HTTPS (SSL), email with TLS.
- Use a firewall and IDS to isolate wireless access points (WAPs), just like you do for the Internet gateways.
- What is a Rogue WAP? What is an "Evil Twin" attack?
- Authentication: RADIUS, CHAP - Challenge Authentication.

Slide 5. Slide Set 15 - Hidden Data (also covered in NetSecLab Wrapup - on Tsquare)
- Hidden files (on UNIX, the name starts with ".").
- Startup scripts (a great place to hide a Trojan Horse).
- Covert channels (hide in "Ping" packets, SSH, port 80, FTP).
- Steganography (hiding data in an image file) [not covered 2015].
- Watch for new processes (use 'ps aux'), new files (particularly "suid" files*), and open Internet TCP and UDP ports ('netstat -nalp' or 'sockstat -4').
* An "suid" file (chmod 4755) owned by root always runs with root privileges.

Slide 6. Slide Set 16 - Safe Computing (also covered in NetSecLab Wrapup - on Tsquare)
- Eliminate unneeded daemons, "suid programs," open ports, and user accounts (to "harden" the computer).
- Enforce long, mixed-character passwords.
- Explain "Once root, always root" (Copeland's 2nd rule*). (The 1st rule is "No security without physical security." The 3rd rule is "Layers of protection and detection are needed....")
- Use the host OS firewall to limit connections as much as possible (MacOS: use /etc/hosts.allow to limit incoming ssh IPs, "Little Snitch" to limit by application and outgoing IP connections).
- Keep security patches up to date, from OS and application vendors.
- Most compromises today come from email and Web accesses (no click needed).

Slide 7. Slide Set 17 - Shell Code
"Shellcode" is binary code that will execute without being processed by a "Loader".
1. Must make kernel system calls directly (no standard libs).
2. Must use absolute or relative jumps (no relocatable jumps).
3. Must be written using assembly language, and with a limited set of commands (e.g., no labels).
The original shellcode opened a backdoor with a command shell (bash, cmd.exe, ...). Now shellcode has been written to open an Internet connection, download and install malware (e.g., rootkit or bot), transfer files, ...
Buffer Overflow (what is it, what does it do) [gets(buf)]: 1) can change data, 2) can redirect the program counter to execute shellcode.
How to prevent a "Buffer Overflow" [use fgets(buf, n, stdin) vs. gets()].
What's a "sled"?
Why should the OS randomize stack memory addresses?
What is "polymorphic" code?
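The slide's answer to "how to prevent a buffer overflow" is the gets()-to-fgets() swap. The C program below is an added example (not from the slides or the course) that shows what that swap has to get right in practice: fgets() stops at n-1 bytes, but a line longer than the buffer then leaves its tail in the stream, so the next read silently picks up leftover bytes unless they are drained. read_line_bounded() (a name chosen for this example) reports "fit" versus "truncated" and drains the remainder; the SAMPLE_INPUT string is constructed for the example, with one line deliberately longer than the 16-byte buffer.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Added example (not from the slides): bounded line input with fgets().
   The classic bug is gets(buf): it has no length argument, so a line longer
   than buf overwrites whatever follows buf on the stack (saved data, then the
   return address). fgets() takes the buffer size and stops at n-1 bytes. */

#define BUF_SIZE 16   /* deliberately small so the long sample line exceeds it */

/* Reads one line into buf (capacity n), dropping the newline.
   Returns 0 at EOF/error, 1 if the whole line fit, 2 if the line was longer
   than the buffer: buf holds the first n-1 bytes and the rest is drained so
   the next call starts on the next line instead of the leftover bytes. */
int read_line_bounded(char *buf, size_t n, FILE *in)
{
    if (n == 0)
        return 0;
    if (fgets(buf, (int)n, in) == NULL) {
        buf[0] = '\0';
        return 0;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline seen: either the input ended without one, or the line was
       too long. Peek one byte to tell the two apart. */
    int c = fgetc(in);
    if (c == EOF)
        return 1;
    while (c != '\n' && c != EOF)       /* discard the overflow bytes */
        c = fgetc(in);
    return 2;
}

/* Constructed sample input: the second line is longer than BUF_SIZE and the
   last line has no trailing newline. */
static const char SAMPLE_INPUT[] =
    "short\n"
    "this line is far longer than sixteen bytes\n"
    "last";

/* Runs read_line_bounded() over SAMPLE_INPUT through an in-memory FILE.
   Stores the number of lines read and how many were truncated. Returns 0 on
   success, -1 if fmemopen() fails. */
static int run_sample(int *lines, int *truncated)
{
    FILE *in = fmemopen((void *)SAMPLE_INPUT, sizeof SAMPLE_INPUT - 1, "r");
    if (in == NULL)
        return -1;
    char buf[BUF_SIZE];
    int r;
    *lines = 0;
    *truncated = 0;
    while ((r = read_line_bounded(buf, sizeof buf, in)) != 0) {
        (*lines)++;
        if (r == 2)
            (*truncated)++;
    }
    fclose(in);
    return 0;
}

int count_lines_in_sample(void)      /* expected 3 */
{
    int lines, truncated;
    return run_sample(&lines, &truncated) == 0 ? lines : -1;
}

int count_truncated_in_sample(void)  /* expected 1 */
{
    int lines, truncated;
    return run_sample(&lines, &truncated) == 0 ? truncated : -1;
}

int main(void)
{
    char buf[BUF_SIZE];
    int r;
    /* Feed lines on stdin; a line longer than 15 bytes is reported as truncated
       instead of overwriting the stack the way gets(buf) would. */
    while ((r = read_line_bounded(buf, sizeof buf, stdin)) != 0)
        printf("%s: \"%s\"\n", r == 2 ? "truncated" : "ok", buf);
    return 0;
}
```

The return code matters as much as the bound: a program that only calls fgets() and ignores truncation is no longer overflowable, but it can still misparse the next record, which is why the example drains the rest of an over-long line and tells the caller it did so.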

Slide 8. Current Affairs
- Spear Phishing - used for government-level and GT attacks.
- BotNets - used by organized crime for spam email (fake drugs, stock pumping, phishing to steal identity info, links to Web sites with exploits). Distinguished by use of P2P networking.
- Dynamic DNS (fast-flux DNS) - used to direct a hacker URL to various IP addresses.
- Modified DNS Server IP - site sometimes misdirects URLs.
- DNS Cache Poisoning - send phony responses to own query.
- Adware and Spyware - nuisance software that pops up ads and reports Web usage, but could report more sensitive info.
- Insider Attacks - unauthorized access to steal government or corporate data, forge records, cover up embezzlement.
There will be questions on something from each of the 3 talks, and from the "Data Brokers" and "Hacking America" documentaries.

Slide 9. HW
What was learned from homework problems?
Outside Reading:
- Advanced Persistent Threat - who's doing it, and why.
- XX MacAttack
- UDP-based Amplification Attack (link).
- Target - what went wrong (discussed in class).

Slide 10. Terms to Know
- Malware - any malicious software.
- RAT - Remote Administration Tool (remote control of host).
- Hack-Back - reverse hacking of attacker - usually illegal (many attacking hosts are compromised, damage hurts innocents).
- Exploit code - can be in Microsoft Office documents, HTML mail or Web pages, database files, image files, data input (SQL poison, buffer overflow), text files (shell code and .bat files).
- Root Kit - installs special versions of OS utilities which hide the presence of an intruder (files, processes, sockets, accounts).

Slide 11. Three Basic Rules
1. Without Physical Security, there is no security.
2. Once "root", always "root" (or "admin").
3. Multiple layers of prevention and monitoring are necessary (to achieve the optimum degree of protection for a given budget). Complete prevention is impossible.
Many layers in the following three categories: Protection, Detection, Reaction.

