Security Answers

- What is a firewall?
A firewall is a hardware or software system that prevents unauthorized access to or from a network.
Types:
* Packet filtering
Also referred to as static packet filtering.
It controls access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the IP addresses of the source and destination.
* Stateful inspection
Also referred to as dynamic packet filtering.
Stateful inspection is a firewall architecture that works at the network layer.
Unlike static packet filtering, which examines a packet based only on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid.
For example, a stateful firewall may examine not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet than just its source and destination.
A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on the context established by prior packets that have passed through the firewall.
* Proxy
Proxy firewalls, or application gateway firewalls, are a fairly recent addition to mainstream security environments.
Until a few years ago, the stateful inspection firewall was the most advanced firewall protection. While stateful firewalls can monitor open connections, they cannot inspect application layer traffic.
Therefore, if you were to allow HTTP traffic through your firewall, a stateful inspection firewall would not prevent an HTTP-based attack.
Proxy firewalls, on the other hand, combine stateful inspection technology with the ability to perform deep application inspections.
They also analyze layer 7 protocols, such as HTTP and FTP, and monitor traffic for additional signs of attack.
To make this work, the firewall must act as a proxy; that is, the client opens a connection with the firewall (usually unbeknownst to the client) and the firewall opens a separate connection to the server on the client's behalf.
Proxy servers
They act as a middleman for connections between clients and servers.
They are generally used to provide content filtering and performance enhancements (such as caching) for local users' Web traffic.
Since most proxy firewalls can provide all of the benefits of a proxy server, administrators typically use dedicated proxy servers where they wish to remove the performance load from the firewall.
* UTM (unified threat management)
A single appliance that contains a firewall, gateway anti-virus, and intrusion detection and prevention.
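The difference between static packet filtering and stateful inspection is easiest to see with a state table. The following is an added illustration written for this page, not code from the original notes: three constructed packets (addresses and ports are made up) are run through a static rule set and through a stateful filter. The static rule "allow inbound traffic from source port 80" is what lets legitimate web replies back in, but it also admits an unsolicited packet from a stranger that merely uses source port 80; the stateful filter only admits replies that match a connection an internal host opened.

```python
"""Static packet filter vs. stateful inspection over constructed packets."""

# Constructed sample packets: an internal client (10.0.0.5) talks to a web
# server (203.0.113.10); then an outsider (198.51.100.7) sends an unsolicited
# packet that also comes *from* port 80, which a static rule cannot tell apart
# from a genuine reply.
PACKETS = [
    {"src": "10.0.0.5", "sport": 51000, "dst": "203.0.113.10", "dport": 80, "dir": "out"},
    {"src": "203.0.113.10", "sport": 80, "dst": "10.0.0.5", "dport": 51000, "dir": "in"},
    {"src": "198.51.100.7", "sport": 80, "dst": "10.0.0.5", "dport": 51000, "dir": "in"},
]


def static_filter(packets):
    """Static packet filtering: decide per packet from header fields only.
    Rules: outbound to port 80 is allowed; inbound with source port 80 is
    allowed (the only way a static filter can let web replies back in)."""
    decisions = []
    for p in packets:
        if p["dir"] == "out" and p["dport"] == 80:
            decisions.append("pass")
        elif p["dir"] == "in" and p["sport"] == 80:
            decisions.append("pass")
        else:
            decisions.append("drop")
    return decisions


def stateful_filter(packets):
    """Stateful inspection: an allowed outbound packet creates an entry in the
    state table; an inbound packet passes only if it is the reverse of an
    existing entry (same two endpoints, directions swapped)."""
    state_table = set()
    decisions = []
    for p in packets:
        if p["dir"] == "out" and p["dport"] == 80:
            state_table.add((p["src"], p["sport"], p["dst"], p["dport"]))
            decisions.append("pass")
        elif p["dir"] == "in" and (p["dst"], p["dport"], p["src"], p["sport"]) in state_table:
            decisions.append("pass")
        else:
            decisions.append("drop")  # no prior connection: unsolicited, drop it
    return decisions


if __name__ == "__main__":
    print("static  :", static_filter(PACKETS))   # ['pass', 'pass', 'pass']
    print("stateful:", stateful_filter(PACKETS))  # ['pass', 'pass', 'drop']
```

A real stateful firewall also tracks TCP flags and sequence numbers and expires idle entries; the set used here stands in for that table only to show where the extra context comes from.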

- What are IDS and IPS?
IDS (intrusion detection system)
It analyzes the network traffic and compares it against a database that holds all the suspicious connections, and flags anything that is out of the ordinary (spyware connections, ...). All it does is send a warning to the network administrator that there is something abnormal in the passing traffic; from this we can conclude that the word "detection" means nothing more than detecting.
IPS (intrusion prevention system)
It works on protecting the network before it is breached: it performs detection first, and then carries out a specific reaction (prevention), such as dropping the harmful packet.
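The same signature engine behaves differently depending on whether it runs as an IDS or an IPS: the IDS raises an alert and still forwards the packet, the IPS raises the alert and drops it. The code below is an added example written for this page (not from the original notes); the signature patterns and the traffic lines are constructed placeholders, not real detection rules.

```python
"""Signature matching in IDS (alert only) vs IPS (alert and drop) mode."""
from dataclasses import dataclass, field

# Constructed signature list: a name and a byte pattern that must appear in the
# payload. These are placeholders for illustration, not real signatures.
SIGNATURES = [
    ("placeholder-shell-pattern", b"/bin/sh"),
    ("placeholder-sqli-pattern", b"' OR 1=1"),
]

# Constructed sample traffic (four payloads, two of which match a signature).
TRAFFIC = [
    b"GET /index.html HTTP/1.1",
    b"GET /login?user=admin' OR 1=1-- HTTP/1.1",
    b"POST /upload cmd=/bin/sh",
    b"GET /images/logo.png HTTP/1.1",
]


@dataclass
class Result:
    alerts: list = field(default_factory=list)     # what the administrator is warned about
    forwarded: list = field(default_factory=list)  # payloads that reached the protected host


def match(payload):
    """Return the name of the first signature found in the payload, else None."""
    for name, pattern in SIGNATURES:
        if pattern in payload:
            return name
    return None


def run(traffic, mode):
    """mode="ids": every packet is forwarded, a match only raises an alert.
    mode="ips": a matching packet is dropped in addition to the alert."""
    res = Result()
    for payload in traffic:
        hit = match(payload)
        if hit:
            res.alerts.append(hit)
            if mode == "ips":
                continue  # prevention: do not forward the harmful packet
        res.forwarded.append(payload)
    return res


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        r = run(TRAFFIC, mode)
        print(mode, "alerts:", len(r.alerts), "forwarded:", len(r.forwarded))
```

Both modes produce the same two alerts; only the IPS changes what reaches the host, which is also why an IPS sits inline on the traffic path while an IDS can work from a copy of the traffic.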
- What is a polymorphic virus?
A virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file, in order to keep from being detected by an antivirus program.

- What are the types of attacks?
- Passive attacks
They gather information about the system but do not carry out an attack or cause damage (viewing passwords, viewing message content, traffic analysis, data capturing).
- Active attacks
Their goal is to change system resources or affect their usual operations:
* attempts to log into someone else's account
* wire taps
* denial of service
* message modification
- Insider attack
Someone inside the network is the one who carries out the attack on the system.
- Close-in attack
Getting physically close to the network components, the data and the system in order to gather more information about them.
- Phishing attack
The hacker builds a fake website that looks like a well-known site and tries to get the victim to open the link to this fake site and enter their user name and password, thereby learning their credentials.
- Hijack attack
I am talking to someone, the hacker takes that person's place, and I keep talking as though it were still that person, so I might send them private data by mistake.
- Spoofing attack
The hacker impersonates someone else by modifying the source address of the packets.
- Buffer overflow attack
- Exploit attack
It works against a vulnerability of the system.
- Password attack
— A dictionary attack uses a word list file, which is a list of potential passwords.
— A brute-force attack is when the attacker tries every possible combination of characters.
— A hybrid attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
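The defender's counterpart to the three password attacks is a password check that rejects exactly what each attack reaches first. The following is an added example for this page (not from the original notes): it rejects plain dictionary words, rejects hybrid variants (a dictionary word with numerals or symbols added at either end), and estimates the brute-force search space from the character classes actually used. The tiny word list and the 60-bit threshold are constructed assumptions; a real deployment would load a large word list.

```python
"""Reject passwords that a dictionary, hybrid or brute-force attack would find quickly."""
import math
import re

# Constructed tiny word list; a real check would load a large file of known passwords.
WORD_LIST = {"password", "welcome", "dragon", "letmein", "summer"}


def base_word(candidate):
    """Strip the numerals/symbols a hybrid attack adds at the start or end,
    returning the alphabetic core in lower case ("Summer2024!" -> "summer")."""
    return re.sub(r"^[^a-zA-Z]+|[^a-zA-Z]+$", "", candidate).lower()


def brute_force_space_bits(candidate):
    """log2 of the keyspace a brute-force attacker must cover: the size of the
    character set actually present, raised to the password length."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]
    charset = sum(size for pattern, size in classes if re.search(pattern, candidate))
    return len(candidate) * math.log2(charset) if charset else 0.0


def check_password(candidate, min_bits=60):
    """Return (accepted, reason). min_bits=60 is an assumed policy threshold."""
    if candidate.lower() in WORD_LIST:
        return False, "dictionary word"
    if base_word(candidate) in WORD_LIST:
        return False, "dictionary word with added numerals/symbols (hybrid)"
    bits = brute_force_space_bits(candidate)
    if bits < min_bits:
        return False, f"only {bits:.0f} bits of brute-force space"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("password", "Summer2024!", "abc123", "Tr0ub4dor&3"):
        print(repr(pw), check_password(pw))
```

The hybrid check only strips leading and trailing characters, which is what the notes describe (numerals and symbols added to a word); substitutions inside the word (such as "0" for "o") would need an extra normalization step.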
- What are the types of hackers?
* Script kiddies: based on unstructured attacks.
* Black hat
Attacks and hacks any system without any particular goal (proving themselves, revenge, money).
* White hat
Has the same expertise as the black hat but uses it for defense, to stop the black hat.
* Gray hat
May operate as either a black hat or a white hat.
- What is forensics?
Digital forensics is the field concerned with criminal investigation on the electronic side: if a breach has taken place, how to reach the intruder, examine their machine, and learn the intrusion methods and the data they managed to obtain. In it you study how the hard disk works and its structure in detail, so that you can recover data if it has been deleted, and you study RAM and the methods of extracting the important information from it.
It has many branches, such as network forensics, Windows forensics and hard disk forensics, and it includes the field of malware forensics, which covers the methods of analyzing viruses and malicious files, understanding their danger and their effect on the system, and trying to trace them back to their author. It has courses such as CHFI, CCFP and SANS forensics.
- What are the differences between risk, vulnerability and threat?
Vulnerability:
A weakness of a system, network or device.
Threat:
The potential danger posed by a vulnerability (the harm the vulnerability could lead to).
Risk:
The likelihood of a hacker taking advantage of a vulnerability and the corresponding business impact (the hacker starts using the weak point and causes damage to the system).
Exploit ("Exposure"):
The possibility that data loss could occur because of the hacker.
Threat + vulnerability = Risk
- What are the 5 phases of any attack?
* Reconnaissance (footprinting)
I start gathering information about the system.
* Scanning (IP addresses, ports, vulnerabilities)
* Gaining access
I start getting into the machine and taking privileges.
* Maintaining access
The attacker sets up the system so that they can get back in again, and may hide the vulnerabilities.
* Covering tracks
The attacker starts wiping the traces behind them so that nobody can track them.
- What is cryptography?
It is the science of encrypting data so that it cannot be compromised by a hacker.
The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text.
Functions:
* Confidentiality:
Encryption (DES, 3DES, AES, SEAL, RC, RC2, RC4, RC5, RC6)
* Integrity:
Hashing (MD5, SHA)
* Authentication:
HMAC, RSA and DSA
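Why hashing appears under integrity but HMAC under authentication is worth seeing in code. The following is an added example for this page (not from the original notes), using Python's standard hashlib and hmac modules with a constructed shared key and messages: a plain hash detects a changed message only as long as the attacker cannot also replace the hash, whereas an HMAC tag cannot be recomputed without the key.

```python
"""Integrity with a plain hash vs. authentication with an HMAC (shared key)."""
import hashlib
import hmac


def digest(message: bytes) -> str:
    """Integrity only: anyone can recompute this, so it catches accidental
    corruption but not a deliberate change by someone who also swaps the hash."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """Authentication: only a holder of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hash(message: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(message), expected)


def verify_tag(key: bytes, message: bytes, expected: str) -> bool:
    return hmac.compare_digest(tag(key, message), expected)


# Constructed scenario: A sends a message to B; someone in the middle alters it.
KEY = b"constructed-shared-key"          # known to A and B only
ORIGINAL = b"transfer 100 to account 42"
TAMPERED = b"transfer 900 to account 42"


def scenario() -> dict:
    h = digest(ORIGINAL)
    t = tag(KEY, ORIGINAL)
    return {
        # B compares the received hash/tag against the received message
        "hash_detects_tampering": not verify_hash(TAMPERED, h),
        "hmac_detects_tampering": not verify_tag(KEY, TAMPERED, t),
        # an attacker who can rewrite the message can also rewrite a plain hash...
        "hash_forgeable": verify_hash(TAMPERED, digest(TAMPERED)),
        # ...but cannot produce a tag B accepts without KEY
        "hmac_forgeable": verify_tag(KEY, TAMPERED, tag(b"guessed-key", TAMPERED)),
    }


if __name__ == "__main__":
    for k, v in scenario().items():
        print(f"{k}: {v}")
```

Note that an HMAC authenticates the message to anyone who holds the shared key, which includes the receiver; it therefore cannot provide non-repudiation, which is where the asymmetric digital signature in the next question comes in.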
- What is a digital signature?
What does a digital signature mean? I take my data and first hash it, then apply asymmetric encryption to that hash. In doing so I have achieved 3 things:
1- Integrity: meaning that nothing in the data has changed. This is established in the hashing stage, if the two hash values come out identical; hashing types include MD5, SHA-0, SHA-1, SHA-2 and SHA-3.
2- Authentication: meaning I have made sure that user A is the one who sent the data, because he is the only one who holds the private key with which the encryption was done, and which I undid with the public key.
3- Non-repudiation: meaning user A cannot deny that he is the one who sent me the data, because he is the only one who holds the private key. This matters because he might send me data containing malicious software, and then I can hold him to account.
- What is steganography?
The art and science of hiding information by embedding messages within other, seemingly harmless messages.
Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.
Steganography is sometimes used when encryption is not permitted. Or, more commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.
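"Replacing bits of unused data" is concrete in the least-significant-bit (LSB) technique, where the lowest bit of each sample in a cover file is overwritten with one bit of the hidden message. The code below is an added example for this page (not from the original notes) over a constructed 256-byte "cover" (a gradient standing in for pixel values, not a real image); it embeds a message with a length prefix, extracts it again, and measures how little the cover changed, which is why the result looks identical to the original.

```python
"""LSB steganography: hide bytes in the low bit of cover data and read them back."""


def embed(cover: bytes, secret: bytes) -> bytes:
    """Overwrite the least significant bit of successive cover bytes with the
    bits of (4-byte length || secret), MSB first within each byte."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for this secret")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # keep the top 7 bits, replace the LSB
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Collect the LSBs; the first 32 bits give the length of the hidden data."""

    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for k in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + k * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_byte_change(cover: bytes, stego: bytes) -> int:
    """Largest change to any cover byte; LSB embedding moves a value by at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 256 'pixel' values forming a gradient (not a real image file).
COVER = bytes(range(256))


if __name__ == "__main__":
    stego = embed(COVER, b"hi")
    print(extract(stego))                    # b'hi'
    print(max_byte_change(COVER, stego))     # 1
```

Real image formats add a container around the samples, and lossy formats such as JPEG would destroy the low bits, which is why LSB hiding is usually done in uncompressed or losslessly compressed files; from the detection side, LSB embedding leaves statistical traces in the low-bit plane that steganalysis tools look for.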

- Authentication, authorization and accountability?
Authentication: user name and password.
Authorization:
Exactly what you are allowed to do.
Accountability:
Exactly what you did once you were in.
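The three concepts are clearest when kept as three separate steps in code. The following is an added example for this page (not from the original notes): a constructed user store with salted password hashes answers "who are you?", a role-to-permission table answers "what may you do?", and an append-only audit log answers "what did you do?", including the failed attempts, which is exactly what accountability needs.

```python
"""Authentication, authorization and accountability as three separate steps."""
import hashlib
import hmac


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the iteration count is kept modest for this illustration.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def _record(password: str, salt: bytes, role: str) -> dict:
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed user store (passwords, salts and roles are made up for the example).
USERS = {
    "alice": _record("correct horse", b"salt-alice", "admin"),
    "bob": _record("hunter2", b"salt-bob", "viewer"),
}

# Authorization policy: which actions each role may perform.
PERMISSIONS = {"admin": {"read", "delete"}, "viewer": {"read"}}

# Accountability: every decision, success or failure, is appended here.
AUDIT_LOG = []


def authenticate(user: str, password: str) -> bool:
    """Who are you? Verify the credential against the stored salted hash."""
    rec = USERS.get(user)
    ok = rec is not None and hmac.compare_digest(
        rec["hash"], _hash_password(password, rec["salt"])
    )
    AUDIT_LOG.append(("auth", user, "ok" if ok else "fail"))
    return ok


def authorize(user: str, action: str) -> bool:
    """What may you do? Check the user's role against the permission table."""
    ok = action in PERMISSIONS.get(USERS[user]["role"], set())
    AUDIT_LOG.append(("authz", user, action, "allow" if ok else "deny"))
    return ok


def perform(user: str, password: str, action: str) -> bool:
    """Full flow: the action runs only if both checks pass; the log records why not."""
    if not authenticate(user, password):
        return False
    if not authorize(user, action):
        return False
    AUDIT_LOG.append(("action", user, action, "done"))
    return True


if __name__ == "__main__":
    print(perform("bob", "hunter2", "delete"))        # False: authenticated, not authorized
    print(perform("alice", "correct horse", "delete"))  # True
    print(perform("bob", "wrong", "read"))            # False: authentication failed
    for entry in AUDIT_LOG:
        print(entry)
```

Unknown users fail authentication without revealing whether the name exists, and a denied action is logged with the user's name and the action requested, so the log can later answer who tried what and when.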
- Confidentiality, integrity and availability?
Confidentiality:
Prevent unauthorized people, resources and processes from reaching the data.
Integrity:
Guarantee that the data arrives complete and intact, with no modification made to it (hash, MD5, checksum).
Availability:
Make sure that what I will send requests to is available 24/7.
Nonrepudiation:
Means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
Nonrepudiation can be obtained through the use of:
digital signatures -- function as a unique identifier for an individual, much like a written signature.
confirmation services -- the message transfer agent can create digital receipts to indicate that messages were sent and/or received.
timestamps -- timestamps contain the date and time a document was composed and prove that a document existed at a certain time.