Introduction To Security: © 2007 - 2010, Cisco Systems, Inc. All Rights Reserved. Cisco Public ITE PC v4.1


CHAPTER 1

INTRODUCTION TO SECURITY

ITE PC v4.1
Chapter 1 © 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 1
By the end of this class, students will be able to:
• 1.3.1 Describe various types of security attacks
• 1.3.2 Identify common types of social engineering
• 1.4.1 Describe the function of the various tools in information security: Nmap, Netstat and NetScan
• 1.5.1 Explain data wiping
• 1.5.2 Describe hard drive destruction
• 1.5.3 Describe hard drive recycling

1.3: Explain Methods of Security Attacks

• Various Types Of Security Attacks
a. Reconnaissance attack (e.g. sniffing, spoofing)
b. Access attack (e.g. hacking, brute force)
c. Denial of Service attack
d. Distributed Denial of Service attack
e. Malicious code attack (e.g. worms, viruses, Trojan horses)

Types of Attack
1. Reconnaissance Attack

2. Access Attack

3. Denial of Service attack (DOS)

4. Distributed Denial of Service (DDOS)

5. Malicious code attack

Reconnaissance Attack
• This attack occurs when an adversary (enemy) tries to learn information about your network: unauthorized information gathering on network systems and services.
• It enables the attacker to discover vulnerabilities or weaknesses on the network.
• It precedes (comes before) an actual access or DoS attack.
• A malicious intruder typically conducts a ping sweep of the target network to determine which IP addresses are alive. Then the intruder determines which services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the type and version of the application and operating system running on the target host.

Reconnaissance Example
• Packet sniffers – scan TCP/IP connections
• Port scans – scan open ports
• Ping sweep – to determine what IP addresses are alive.
• Internet information queries – using software (nslookup/whois), attacker can discover IP address.
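
Added example (not part of the original slides): a defender-side check, in Python, that reads connection log records and flags a source that pings many hosts or probes many ports within a short window, which is the pattern the reconnaissance slides describe. The record layout, the thresholds, the 60-second window and the sample records are assumptions made for this example.

```python
from collections import defaultdict

def max_distinct_in_window(observations, window):
    """Largest count of distinct items seen within any `window`-second span."""
    observations = sorted(observations)
    best = 0
    for i, (start, _) in enumerate(observations):
        distinct = {item for ts, item in observations[i:] if ts - start <= window}
        best = max(best, len(distinct))
    return best

def detect_recon(events, window=60, host_threshold=5, port_threshold=5):
    """Flag sources that probe many hosts (ping sweep) or many ports (port scan).

    events: iterable of (timestamp_s, src_ip, dst_ip, protocol, dst_port).
    Returns a list of (kind, src_ip, dst_ip_or_None, distinct_count).
    Thresholds and window are illustrative values, not recommended settings.
    """
    pings = defaultdict(list)    # src -> [(ts, dst)]
    probes = defaultdict(list)   # (src, dst) -> [(ts, port)]
    for ts, src, dst, proto, port in events:
        if proto == "icmp":
            pings[src].append((ts, dst))
        elif proto == "tcp":
            probes[(src, dst)].append((ts, port))

    findings = []
    for src, obs in sorted(pings.items()):
        count = max_distinct_in_window(obs, window)
        if count >= host_threshold:
            findings.append(("ping_sweep", src, None, count))
    for (src, dst), obs in sorted(probes.items()):
        count = max_distinct_in_window(obs, window)
        if count >= port_threshold:
            findings.append(("port_scan", src, dst, count))
    return findings

def build_sample_events():
    """Constructed log records using documentation address ranges, not real traffic."""
    events = []
    # One source pings six hosts in six seconds, then tries six ports on one host.
    for i in range(1, 7):
        events.append((i, "203.0.113.7", f"192.0.2.{i}", "icmp", None))
    for i, port in enumerate([21, 22, 23, 25, 80, 443]):
        events.append((10 + i, "203.0.113.7", "192.0.2.4", "tcp", port))
    # Ordinary client: repeated connections to a single web port.
    for ts in (0, 30, 60):
        events.append((ts, "198.51.100.20", "192.0.2.4", "tcp", 443))
    # Monitoring host: pings five hosts, but five minutes apart.
    for i in range(1, 6):
        events.append((i * 300, "198.51.100.30", f"192.0.2.{i}", "icmp", None))
    return events

if __name__ == "__main__":
    for finding in detect_recon(build_sample_events()):
        print(finding)
```

The slow monitoring host is not flagged because its pings never share a window, which is also why a real detector needs more than one window length.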

Access Attack
• An access attack occurs when someone tries to gain unauthorized access to a component, tries to gain unauthorized access to information on a component, or increases their privileges on a network component.
• Attackers use known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

Access Attack Examples
1. Password attack - can be implemented using a packet sniffer to capture user accounts and passwords that are transmitted as clear text. The term also refers to repeated attempts to identify a user account, password, or both (brute-force attacks).
2. Trust exploitation - compromising a trusted host and using it to stage attacks on other hosts in a network.
3. Port redirection - the attacker takes network traffic coming into a host on one port and directs it out from another host.

Access Attack Examples (cont.)
4. Man-in-the-middle attack - a middleman changes information that travels from the original sender to the original receiver. In a man-in-the-middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to gain access to the message, or to enable the attacker to modify the message before retransmitting it.

Denial Of Service Attack (DoS)
• Disables the network by flooding it with useless network traffic.
• The attacker tries to prevent a service from being used by valid users, making that service unavailable to legitimate users.

Types of DoS Attack
• Ping of death
- A packet greater in size than the maximum allowed (65,535 bytes) is sent to a system, which causes the system to crash.
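
Added example (not part of the original slides): the IPv4 Total Length field is 16 bits, so no single header can declare more than 65,535 bytes; the oversized packet arrives as fragments whose offset plus length passes that limit on reassembly. This Python check goes beyond the slide by using the IPv4 fragment-offset field to flag such a fragment so it can be dropped; the function names and sample headers are constructed for illustration.

```python
import struct

MAX_IPV4_DATAGRAM = 65535  # largest value the 16-bit Total Length field can hold

def reassembled_size(ip_header: bytes) -> int:
    """Size the datagram would reach once this fragment is placed at its offset."""
    if len(ip_header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack(
        "!BBHHH", ip_header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent header or total length")
    frag_offset = (flags_frag & 0x1FFF) * 8   # the field counts 8-byte units
    payload_len = total_len - header_len
    return header_len + frag_offset + payload_len

def is_oversized(ip_header: bytes) -> bool:
    """True when reassembly would exceed the 65,535-byte limit."""
    return reassembled_size(ip_header) > MAX_IPV4_DATAGRAM

def sample_header(total_len: int, offset_units: int, more_fragments: bool) -> bytes:
    """Constructed 20-byte IPv4 header for testing the check (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

if __name__ == "__main__":
    ordinary = sample_header(1500, 185, True)     # second fragment of a normal packet
    oversized = sample_header(1500, 8189, False)  # last fragment placed past the limit
    print(reassembled_size(ordinary), is_oversized(ordinary))
    print(reassembled_size(oversized), is_oversized(oversized))
```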

Types of DoS Attack
• Distributed Denial of Service Attack (DDoS)
• Instead of one computer and one internet connection like the DoS attack, a DDoS attack utilises many computers and many connections.
• The computers behind such an attack are often distributed around the whole world and will be part of what is known as a botnet (zombie army).

Malicious Code Attack
• It is a program that is inserted onto a host to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems or services.
• Malicious code attacks refer to viruses, worms, Trojan horses, logic bombs, and other uninvited software.
• It damages personal computers, but also attacks systems that are more sophisticated.
• Malicious code is an auto-executable application. It is a new kind of threat which cannot be blocked by anti-virus software alone.
Differences between Worm, Virus & Trojan Horse

| Virus | Worms | Trojan Horse |
|---|---|---|
| Self-replicating program that produces its own code by attaching copies of itself into other executable code. Requires human action. | Spreads from computer to computer, but unlike a virus, it has the capability to travel without any human action. | Appears to be useful software but will actually do damage once installed or run on your computer. |
| Spreads mostly by sharing infected files or sending e-mails with viruses as attachments. | Replicates itself on your system, creating a huge devastating effect. | Designed to be annoying and malicious (like changing your desktop, adding silly active desktop icons) or can cause serious damage (creating a backdoor, deleting files). |
| It also passes the infection from one infected system to another (attaches to an executable file). | Does not need to infect other files in order to reproduce. | Does not reproduce by infecting other files. |
| Example: Brain virus | Example: Morris worm | Example: Beast |

GROUP DISCUSSION:
Find ONE VIDEO about 5 types of security attacks below and
explain about that video.
1. Reconnaissance Attack
2. Access Attack
3. Denial of Service attack (DOS)
4. Distributed Denial of Service (DDOS)
5. Malicious code attack

Social Engineering
• Social engineering is the act of manipulating users into revealing confidential information or performing other actions detrimental to the user.
• Examples of social engineering are common in everyday life.
• A basic example would be a person asking for your username and password over the phone; often the person uses flattery to gain information.
• Malicious people use various forms of social engineering in an attempt to steal whatever you have of value: your money, information, identity, confidential company data, or IT equipment.
Types Of Social Engineering:

• Pretexting
• Phishing
• Vishing

Social engineering
• The easiest hack: it involves no computer skill at all.
• If an intruder can trick a member of an organization into giving over valuable information, such as locations of files and servers, and passwords, the process of hacking is made immeasurably easier.
• An attack that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
• Common types of social engineering: pretexting, phishing and vishing.

(a) Pretexting
• Pretexting is when a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.
• Preparation and some prior information are often needed before attempting a pretext; impersonation is often a key element.
• By impersonating the appropriate personnel or third-party entities, a person performing a pretext hopes to obtain records about an organization, its data, and its personnel.
• IT people and employees should always be on the lookout for impersonators and always ask for identification.
• If there is any doubt, the issue should be escalated to your supervisor and/or a call should be made to the authorities.

Pretexting
• The term pretexting indicates the practice of presenting oneself as someone else to obtain private information. Usually, attackers create a fake identity and use it to manipulate the receipt of information.
• Attackers leveraging this specific social engineering technique adopt several identities they have created. This bad habit could expose their operations to the investigations conducted by security experts and law enforcement.
• The success of the pretexting attack depends heavily on the attacker's ability to build trust.

(b) Phishing
• Phishing is the attempt at fraudulently obtaining private information.
• A phisher usually masquerades as someone else, perhaps another entity.
• There are two main differences between phishing and pretexting.
• First, phishing is usually done by electronic communication, not in person.
• Second, little information about the target is necessary.
• A phisher may target thousands of individuals without much concern as to their background.

• Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication (email).
• It is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
• The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.
• The Web site, however, is bogus and set up only to steal the user's information.

Common Types of Social Engineering
[Figure: How phishing works]

(c) Vishing

Vishing
• Vishing, otherwise known as "voice phishing", is the use of social engineering over a telephone system to gain access to private personal and financial information from the public for the purpose of financial reward. It is also employed by attackers for reconnaissance purposes to gather more detailed intelligence on a target organization.
• Phone calls may be automated message systems recording all your inputs. Sometimes, a live person might speak with you to increase trust and urgency.

1.4: Discuss Various Tools In Information Security

Various Tools In Information Security
• Function of the following tools:
a. Network Mapper (Nmap)
b. Netstat
c. NetScan

• A network mapper is the best tool to use to determine the topology of the network and to find out what devices and computers reside on that network. One example of this is the Network Topology Mapper.
• Netstat shows sessions including the local computer and remote computer. It shows these connections by computer name (or IP) and port name (or number).
• NetScans are processes in which LogicMonitor Collectors periodically look for and automatically discover devices in your network. NetScans streamline the adding of devices to your LogicMonitor account, which helps ensure your entire environment is properly monitored.
NETWORK MAPPER
Nmap is a free and open source utility for network discovery and security auditing.
Nmap supports all OS platforms, such as:
• Linux/Unix
• Microsoft
• Mac

Basic nmap functions
1) Host Discovery
- Which hosts are up (IP addresses)
- Ping scans
2) Port Scanning
- Which ports of a target host have servers listening on them
- Allows a guess of the software and services a machine is running
3) OS Detection
- TCP/IP fingerprinting

NETSTAT

• Netstat is a command-line utility for viewing the active ports on your machine and their status.
• This helps the user understand which ports are open, closed, or listening for incoming connections.
• The information provided by netstat gives an accurate indication of how vulnerable a PC might be to attacks on various ports.

• Common attacks may target port 21 (FTP) and port 23 (Telnet).
• A hacker can connect to these ports to obtain a view of the directory structure, download and upload files, and, if the password is compromised, connect to the host with complete control.

• Netstat examines both basic TCP and UDP connections.
• Netstat has the ability to filter between TCP and UDP. It can select a particular protocol, including IP, ICMP, TCPv6 and UDPv6, etc.

• Netstat displays protocol statistics and current TCP/IP network connections using the following command switches:

Netstat Switch Summary

Using Multiple Switches
The user can specify multiple switches on the command line.

To combine multiple switches, either of the following syntaxes will work and yield the same result:

netstat -an
netstat -a -n

There is no limit on how many switches you use, as long as the switches are compatible with each other.
For example, using the n switch with the r switch yields the results of a standard r switch.
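
Added example (not part of the original slides): a Python parser for netstat -an output that reports TCP listeners on the two ports named earlier, 21 (FTP) and 23 (Telnet), and whether each is bound to a network-reachable address. It accepts both the Windows and the Linux column layouts; the sample output and all function names are constructed for this example.

```python
# Ports the slides single out as common attack targets.
WATCHED_PORTS = {21: "ftp", 23: "telnet"}

# Constructed `netstat -an` output in Windows column layout (not from a real host).
SAMPLE_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.0.2.80:443         ESTABLISHED
  TCP    [::]:23                [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

# Constructed `netstat -an` output in Linux column layout (not from a real host).
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:23            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.0.2.50:51514        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, state) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith(("tcp", "udp")):
            continue                      # banner, column header, unix sockets
        # Linux prints Recv-Q and Send-Q counters before the addresses.
        if len(fields) >= 5 and fields[1].isdigit() and fields[2].isdigit():
            fields = fields[:1] + fields[3:]
        if len(fields) < 3:
            continue
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            state = fields[3].upper() if len(fields) > 3 else ""
            yield fields[0].lower(), addr, int(port), state

def watched_listeners(text):
    """Return (addr, port, service, reachable_from_network) for watched listeners."""
    findings = []
    for proto, addr, port, state in parse_netstat(text):
        # LISTENING (Windows) and LISTEN (Linux) both mark a waiting server.
        if proto.startswith("tcp") and state.startswith("LISTEN") and port in WATCHED_PORTS:
            loopback = addr.startswith("127.") or addr in ("::1", "[::1]")
            findings.append((addr, port, WATCHED_PORTS[port], not loopback))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS, SAMPLE_LINUX):
        print(watched_listeners(sample))
```

A listener bound to 127.0.0.1 is reported with the last field False because it is not reachable from other hosts, while 0.0.0.0 and [::] accept connections on every interface.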

NETSCAN
• NetScan is a powerful, flexible network monitoring system that extracts information directly from the control and user plane and makes it accessible in real-time.
• In addition to full, end-to-end capabilities, NetScan offers continuous monitoring of 100% of transactions in real-time, ensuring that no data is lost or information missed.
• All transactions in the network are captured, processed, consolidated and stored for real-time or historic reporting.
• It offers many important features for every mobile operator.
GROUP DISCUSSION:
• GOOGLE SLIDES
• Describe the meaning of each of the information security tools below:
a) Network Mapper (Nmap)
b) Netstat
c) NetScan
• Find the function of each tool, with a picture.

1.5: Describe Access to Data and Equipment

Access to Data and Equipment
• Data Wiping
• Hard Drive Destruction
• Hard Drive Recycling

Data wiping
• Data wiping is a software-based method of overwriting data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media.
• Wipe, in a computing context, means to render all data on a hard drive unreadable. The term is often used in reference to making data stored on a computer, smartphone or tablet inaccessible.

Hard drive destruction
• A hard drive destruction attack is an exploit that destroys physical computer and electronic equipment.
• It can be enabled simply as a result of physical access to the computer hardware, along with a tool for attack – which could be as simple as a hammer or a cup of coffee.

Hard drive recycling
• Hard drive reuse
• Uses high-capacity shredders to destroy all data-bearing media.
• The entire hard drive, including platters, is shredded into small pieces, making it impossible to reconstruct the media or data.
• Hardware protection method is applicable.

GROUP DISCUSSION:
1. FIND A VIDEO ABOUT:
• HOW TO WIPE DATA
• HOW TO DESTROY A HARD DRIVE
• HOW TO RECYCLE A HARD DRIVE
2. EXPLAIN EACH VIDEO (5W, 1H)

• End of subtopics 1.3, 1.4 and 1.5
