Presentation is loading. Please wait.

Presentation is loading. Please wait.

بسم الله الرحمن الرحيم Islamic University of Gaza Electrical & Computer Engineering Department Prepared By : Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati.

Published byIris Harrell Modified over 9 years ago

Similar presentations

Presentation on theme: "بسم الله الرحمن الرحيم Islamic University of Gaza Electrical & Computer Engineering Department Prepared By : Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati."— Presentation transcript:

1 بسم الله الرحمن الرحيم Islamic University of Gaza Electrical & Computer Engineering Department Prepared By : Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati Supervisor: Dr. Basil Hamad

2 What is security? Network threats and countermeasures. Host threats and countermeasures. Application threats and countermeasures. Conclusion. References.

3 Have you ever believed that: OH.. This means that.. your NETWORK SECURITY has been broken !!! All your personal information are available to a hacker!!! There is a hacker who follows all your electronic steps!!

4 Imagine that you have received an E-mail.. OH Nooo!! your HOST SECURITY has been broken !!! And while opening.. This message appears!!!

5 What is this?!! Who steel my password?! Who enter my E-mail?? Have you ever entered your E-mail and found your password has been changed?? OOOH.. your APPLICATION SECURITY has been broken!!!! Or have you ever found that your password has been published to all your friends?

6 The protection of information assets through the use of technology, processes, and training.

7 NETWORK THREATS APPLICATION THREATS HOST THREATS VIRUSVIRUS Sniffing Authentication

8 Host Threats Network Threats App. Threats

9 Viruses, Trojan horses, and worms. Foot printing. Password cracking.

10 A virus is a program that causes disruption to the operating system or applications. A Trojan horse is a malicious code that is contained inside what appears to be a harmless data file or executable program. A worm is self-replicates from one server to another.

11 Countermeasures against viruses, Trojan horses, and worms : Block all unnecessary ports at the firewall and host. Disable unused functionality including protocols and services Stay current with the latest operating system service packs and software patches. Cont…

12 Examples of foot printing are port scans and ping sweeps. The type of information that are required by the attacker includes: account details, operating system, other software versions, server names, and database schema details. Countermeasures to prevent foot printing include : Disable unnecessary protocols. Lock down ports with the appropriate firewall configuration.

13 Countermeasures to prevent password cracking include : If you use default account names, you are giving the attacker a head start. If you use blank or weak passwords you make the attacker's job even easier. Use strong passwords for all account types. Apply lockout policies to end-user accounts.

14 Information gathering Sniffing Spoofing Denial of service

15 Attackers usually start with port scanning. detect device types and determine operating system and application versions Countermeasures to prevent information gathering: Configure routers to restrict their responses to footprinting requests. Configure operating systems that host network software.

16 Read all plaintext passwords or configuration information. crack packets encrypted by lightweight hashing algorithms. Countermeasuresto prevent sniffing: Use strong physical security and proper segmenting of the network. Encrypt communication fully, including authentication credentials.

17 Countermeasures use a fake source address that does not represent the actual address of the packet. hide the original source of an attack to prevent spoofing: Filter incoming packets Filter outgoing packets

18 Countermeasures denies legitimate users access to a server or services. send more requests to a server than it can handle. Apply the latest service packs. Use a network Intrusion Detection System (IDS). to prevent denial of service:

19 Authentication Network eavesdropping Cookie replay attacks

20 Capture traffic and obtain user names and passwords. Countermeasures to prevent network eavesdropping include: Make sure passwords are encrypted. Use an encrypted communication channel. do not transmit the password over the network such as Windows authentication.

21 Capture the user's authentication cookie to gain access under a false identity Countermeasures to prevent cookie replay include: Use an encrypted communication channel whenever an authentication cookie is transmitted. Use a cookie timeout to a value that forces authentication after a relatively short time interval. Cont…

22 The remedy for all corporate security issues cannot be described in just one paper. It is meant by this research to be a starting point to a better understanding of the three types of web security and there threats. you must know what the enemy knows. By thinking like attackers and being aware of their likely tactics, you can be more effective when applying threats’ countermeasures.

23 Sima, C. Are Your Web Applications Vulnerable?. Atlanta, GA: SPI Dynamics, 2005. http://www.webscurity.com/pe_benefits.htmhttp://www.webscurity.com/pe_benefits.htm [access at July 7, 2006] J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan. 2006. Improving Web Application Security: Threats and Countermeasures.U.S.A: Microsoft Corporation. Retrieved June 5, 2006 from: http://www.msdn.microsoft.com/library

24 SafeNet. 2005. WB_Best Practices in Creating High Level Application Security. U.S.A: Belcamp, Maryland 21017 USA. Retrieved July 12, 2006 from:: http://www.safenet-inc.comwww.safenet-inc.com Microsoft’s patterns & practices team. 2005. Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0. Retrieved July 7, 2006 from: http://www.msdn.microsoft.com/practices Cont…

25 Thank you for attention

Download ppt "بسم الله الرحمن الرحيم Islamic University of Gaza Electrical & Computer Engineering Department Prepared By : Eman Khaled El-mashharawi Miriam Mofeed El-Mukhallalati."

Similar presentations

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Attacks and Malicious Code Chapter 3. Learning Objectives Explain denial-of-service (DoS) attacks Explain and discuss ping-of-death attacks Identify major.

Attacks and Malicious Code Chapter 3. Learning Objectives Explain denial-of-service (DoS) attacks Explain and discuss ping-of-death attacks Identify major.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Similar presentations

Ads by Google