FORESEC Academy FORESEC Academy Security Essentials (III)


1 FORESEC Academy FORESEC Academy Security Essentials (III)

2 FORESEC Academy Internet Security Technologies Agenda
- Chapter 13: Attack Strategies and Mitigation
- Chapter 14: Firewalls and Honeypots
- Chapter 15: Vulnerability Scanning
- Chapter 16: Host-Based Intrusion Detection
- Chapter 17: Network-Based Intrusion Detection
- Chapter 18: Risk Management and Auditing

3 FORESEC Academy Attack Strategies and Mitigation Chapter Outline
- Mitnick-Shimomura Attack Analysis
- Preventive Techniques
- Methods of Attack
- Chapter Summary

4 FORESEC Academy K. Mitnick vs. T. Shimomura
- Confidentiality, integrity and availability attack
- Reconnaissance probing to determine trust relationship (“r utilities”)
- IP spoofing to act as one side of trust relationship
- Lack of site or system perimeter defenses to retard or defeat attack

5 FORESEC Academy Two Systems, Trust Relationship Unix, Apple Computers, and Windows all have built-in trust relationship capabilities. If one party in a two-way trust relationship is compromised or spoofed, the other party is in great danger.

6 FORESEC Academy Enter the BadGuy (TM) Reconnaissance is often the first phase of an attack

7 FORESEC Academy Silence B With DoS. The attacker is going to pretend he is B, so B must be silenced so it cannot signal an alarm. A SYN flood attack on B renders B unable to reply to A.

8 FORESEC Academy Attacker Probes for a Weakness in A's TCP Stack. Each time A is stimulated, the SYN/ACK response is predictable.

9 FORESEC Academy Attacker Pretends to be B The attacker, pretending to be B, uses the predictable response to open a connection.

10 FORESEC Academy Make “A” Defenseless Attacker sends expected ACK with fake SRC IP ADDRESS to establish a connection.

11 FORESEC Academy Finish the Job. B sends rshell packet 'echo "++" > /.rhosts' to open A to attack. Attacker uses # rlogin -l root to take over 'A'.

12 FORESEC Academy What Common Techniques Could Have Prevented The Attack?

13 FORESEC Academy What Risk Management Techniques Could Have Detected The Attack?

14 FORESEC Academy Patching Systems
- Although not relevant to Mitnick’s attack, per se, still very important.
- Timely patching can often prevent the majority of attack vectors from being successfully executed.
- Patches are often available before or very soon after exploits are announced.

15 FORESEC Academy Disabling Unused Services

16 FORESEC Academy Host-based Intrusion Detection

17 FORESEC Academy Network-based Intrusion Detection

18 FORESEC Academy Network Vulnerability Scanner. Scanner warning: A trusts B; A has potential rshell vulnerability.
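A host-side check for the trust relationships the scanner warns about, including wildcard entries like the one written to /.rhosts on slide 11. This is an added example, not part of the original presentation; the entry format, severity labels, function names and sample file contents are assumptions constructed for illustration.

```python
# Added example: audit r-utility trust files (.rhosts / hosts.equiv style).
# All file contents here are constructed samples, not data from the slides.
# Assumed format: one "host [user]" entry per line, "#" starts a comment,
# a bare "+" in either field is a wildcard.

SEVERITY = {"info": 0, "medium": 1, "high": 2, "critical": 3}

def audit_trust_file(text):
    """Return [(line_no, severity, reason)] for every trust entry in text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host == "+" and user == "+":
            hit = ("critical", "any user from any host is trusted")
        elif host == "+":
            hit = ("critical", "any host is trusted")
        elif user == "+":
            hit = ("high", f"any user on {host} is trusted")
        elif host.startswith("+@") or user.startswith("+@"):
            hit = ("medium", "netgroup trust, review its membership")
        elif host.startswith("+") or user.startswith("+"):
            hit = ("high", "unrecognised '+' token, treat as a wildcard")
        else:
            # Explicit entries still rely on source address alone.
            hit = ("info", f"address-based trust in {host}")
        findings.append((line_no, *hit))
    return findings

def worst(findings):
    """Highest severity present, or None for a file with no entries."""
    return max((f[1] for f in findings), key=SEVERITY.get, default=None)

# Constructed sample: one explicit trust entry plus a wildcard entry.
SAMPLE_RHOSTS = """# root's .rhosts (constructed)
hostb.example root
+ +
"""

if __name__ == "__main__":
    for line_no, severity, reason in audit_trust_file(SAMPLE_RHOSTS):
        print(f"line {line_no}: {severity}: {reason}")
    print("worst:", worst(audit_trust_file(SAMPLE_RHOSTS)))
```

Even the "info" findings matter here: an explicit entry is the same address-based trust that the spoofed connection in the earlier slides relied on.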

19 FORESEC Academy Firewalls. Many attack attempts fail to penetrate well-configured firewalls, especially if they have a “deny everything not specifically allowed” policy.

