Introduction To Security: © 2007 - 2010, Cisco Systems, Inc. All Rights Reserved. Cisco Public ITE PC v4.1
INTRODUCTION TO SECURITY
ITE PC v4.1
Chapter 1 © 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 1
By the end of this class, students will be able to:
1.3.1 Describe various types of Security Attacks
1.3.2 Identify common types of Social Engineering
1.4.1 Describe the function of the various tools in
information security: Nmap, Netstat and NetScan
1.5.1 Explain data wiping
1.5.2 Describe hard drive destruction
1.5.3 Describe hard drive recycling
1.3: Explain Methods of Security Attacks
Various Types Of Security Attacks
a. Reconnaissance attack (e.g. sniffing, spoofing)
b. Access attack (e.g. hacking, brute force)
c. Denial of Service attack
d. Distributed Denial of Service attack
e. Malicious code attack (e.g. worms, viruses, Trojan horses)
Types of Attack
1. Reconnaissance Attack
2. Access Attack
Reconnaissance Attack
This attack occurs when an adversary (enemy) tries to learn
information about your network: unauthorized information
gathering on network systems and services.
It enables the attacker to discover vulnerabilities or weaknesses on
the network.
It precedes (comes first) an actual access or DoS attack.
A malicious intruder typically conducts a ping sweep of the target
network to determine which IP addresses are alive. Then the
intruder determines which services or ports are active on the live IP
addresses. From this information, the intruder queries the ports to
determine the type and version of the application and operating
system running on the target host.
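The ping sweep followed by a port scan described above leaves a recognisable pattern in firewall logs. The following is an added example, not part of the original slides, that flags it; the log format, the thresholds and the function name `find_recon` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: simplified firewall log, "time src dst proto dport"
# (dport is "-" for ICMP echo requests). Addresses are documentation ranges.
SAMPLE_LOG = """\
10:00:01 198.51.100.7 192.0.2.1 icmp -
10:00:01 198.51.100.7 192.0.2.2 icmp -
10:00:02 198.51.100.7 192.0.2.3 icmp -
10:00:02 198.51.100.7 192.0.2.4 icmp -
10:00:09 198.51.100.7 192.0.2.3 tcp 21
10:00:09 198.51.100.7 192.0.2.3 tcp 22
10:00:09 198.51.100.7 192.0.2.3 tcp 23
10:00:10 198.51.100.7 192.0.2.3 tcp 80
10:00:11 203.0.113.5 192.0.2.3 tcp 80
10:00:12 203.0.113.5 192.0.2.3 tcp 80
"""

def find_recon(log_text, host_threshold=4, port_threshold=4):
    """Return {src: [findings]} for sources that appear to be mapping the network."""
    pinged = defaultdict(set)   # src -> distinct hosts sent an ICMP echo
    probed = defaultdict(set)   # (src, dst) -> distinct ports touched on that host
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue            # skip malformed lines
        _, src, dst, proto, dport = fields
        if proto == "icmp":
            pinged[src].add(dst)
        elif dport.isdigit():
            probed[(src, dst)].add(int(dport))
    findings = defaultdict(list)
    # Step 1 of the slide: one source pinging many addresses to see which are alive.
    for src, hosts in pinged.items():
        if len(hosts) >= host_threshold:
            findings[src].append(f"ping sweep: {len(hosts)} hosts")
    # Step 2 of the slide: the same source trying many ports on a live address.
    for (src, dst), ports in probed.items():
        if len(ports) >= port_threshold:
            findings[src].append(f"port scan of {dst}: {len(ports)} ports")
    return dict(findings)

if __name__ == "__main__":
    for src, notes in find_recon(SAMPLE_LOG).items():
        print(src, notes)
```

The second source in the sample repeats a request to a single port and is not flagged, which is the behaviour of an ordinary client.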
Reconnaissance Example
•Packet sniffers – scan TCP/IP connections
Access Attack
An access attack occurs when someone tries to gain
unauthorized access to a component, tries to gain
unauthorized access to information on a component, or
increases their privileges on a network component.
Access Attack Examples
1. Password attack - a password attack can be implemented
using a packet sniffer to yield user accounts and
passwords that are transmitted as clear text. The term also
refers to repeated attempts to identify a user account,
password, or both (brute-force attacks).
2. Trust Exploitation - the attacker compromises a trusted
host and uses it to stage attacks on other hosts in a network.
3. Port Redirection - the attacker takes network traffic coming
into a host on one port and directs it out from another
host.
Access Attack Examples (cont.)
4. Man-in-the-middle attack - a middleman changes
information that travels from the original sender to the
original receiver. In a man-in-the-middle attack, the intruder
uses a program that appears to be the server to the client and
appears to be the client to the server. The attack may
be used simply to gain access to the message, or to enable
the attacker to modify the message before retransmitting
it.
Denial Of Service Attack (DoS)
Disables the network by flooding it with useless network traffic.
Types of DoS Attack
Ping of death
• A packet greater in size than the maximum allowed (65,535
bytes) is sent to a system, which causes the system to crash.
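The 65,535-byte limit comes from the 16-bit Total Length field of the IPv4 header, so an oversized packet can only arrive as fragments whose offset plus length runs past that limit. The following added example (not from the original slides) shows the check a receiver or filter applies to each fragment before reassembly; the function names are hypothetical and `build_header` only constructs test input.

```python
import struct

IPV4_MAX = 65535  # largest value the 16-bit Total Length field can hold

def build_header(total_length, frag_offset_units, more_fragments):
    """Build a 20-byte IPv4 header as constructed test input (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234,
                       flags_frag, 64, 1, 0,
                       bytes([198, 51, 100, 7]), bytes([192, 0, 2, 3]))

def reassembled_size(header):
    """Size the datagram reaches once this fragment is placed at its offset."""
    ver_ihl, _, total_length, _, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl_bytes = (ver_ihl & 0x0F) * 4            # header length in bytes
    offset_bytes = (flags_frag & 0x1FFF) * 8    # 13-bit offset, in 8-byte units
    payload = total_length - ihl_bytes          # data carried by this fragment
    return ihl_bytes + offset_bytes + payload

def is_oversized(header):
    """True when the fragment would push the datagram past 65,535 bytes."""
    return reassembled_size(header) > IPV4_MAX

if __name__ == "__main__":
    ordinary = build_header(1500, 185, True)    # second fragment of a normal datagram
    too_long = build_header(1500, 8189, False)  # last fragment placed near the limit
    for name, hdr in (("ordinary", ordinary), ("too_long", too_long)):
        print(name, reassembled_size(hdr), "drop" if is_oversized(hdr) else "accept")
```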
Types of DoS Attack
Distributed Denial of Service Attack (DDoS)
Instead of one computer and one internet connection like the DoS
attack, a DDoS attack utilises many computers and many connections.
The computers behind such an attack are often distributed around the
whole world and will be part of what is known as a botnet (zombie army).
Malicious Code Attack
It is a program that is inserted onto a host to damage a system,
corrupt a system, replicate itself or deny services or access to
networks, systems or services.
Malicious code attacks refer to viruses, worms, Trojan horses, logic
bombs, and other uninvited software.
It damages personal computers, but also attacks systems that are more
sophisticated.
Malicious code is an auto-executable application. It is a new kind of
threat which cannot be blocked by anti-virus software alone.
Differences between Worm, Virus & Trojan Horse
Virus
• Self-replicating program that produces its own code by attaching copies of itself into other executable code. Requires human action.
• It also passes the infection from one infected system to another (attaches to an executable file).
Worm
• Spreads from computer to computer, but unlike a virus, it has the capability to travel without any human action.
• Does not need to infect other files in order to reproduce.
Trojan Horse
• Appears to be useful software but will actually do damage once installed or run on your computer.
• Does not reproduce by infecting other files.
Social Engineering
Social engineering is the act of manipulating users into
revealing confidential information or performing other
actions detrimental to the user.
Examples of social engineering are common in
everyday life.
A basic example would be a person asking for your
username and password over the phone; often the
person uses flattery to gain information.
Malicious people use various forms of social
engineering in an attempt to steal whatever you have of
value: your money, information, identity, confidential
company data, or IT equipment.
Types Of Social Engineering:
Pretexting
Phishing
Vishing
Social engineering
The easiest hack: it involves no computer skill at all.
If an intruder can trick a member of an organization into
giving over valuable information, such as the locations of
files and servers, and passwords, the process of
hacking is made immeasurably easier.
An attack that relies heavily on human interaction and
often involves tricking people into breaking normal
security procedures.
Common types of Social Engineering: Pretexting,
Phishing and Vishing
(a) Pretexting
Pretexting is when a person invents a scenario, or pretext, in the
hope of persuading a victim to divulge information.
Preparation and some prior information are often needed before
attempting a pretext; impersonation is often a key element.
By impersonating the appropriate personnel or third-party entities,
a person performing a pretext hopes to obtain records about an
organization, its data, and its personnel.
IT people and employees should always be on the lookout for
impersonators and always ask for identification.
If there is any doubt, the issue should be escalated to your
supervisor and/or a call should be made to the authorities.
Pretexting
The term pretexting indicates the practice of presenting
oneself as someone else to obtain private information.
Usually, attackers create a fake identity and use it to
manipulate the receipt of information.
Attackers leveraging this specific social engineering
technique adopt several identities they have created.
This bad habit could expose their operations to the
investigations conducted by security experts and law
enforcement.
The success of the pretexting attack depends heavily
on the attacker's ability to build trust.
(b) Phishing
Phishing is the attempt at fraudulently obtaining
private information.
A phisher usually masquerades as someone else,
perhaps another entity.
There are two main differences between phishing and
pretexting.
First, phishing is usually done by electronic
communication, not in person.
Second, little information about the target is necessary.
A phisher may target thousands of individuals without
much concern as to their background.
Phishing - the process of attempting to acquire sensitive
information such as usernames, passwords and credit card
details by masquerading as a trustworthy entity in
an electronic communication (email).
The act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the
user into surrendering private information that will be used for
identity theft.
The e-mail directs the user to visit a Web site where they are
asked to update personal information, such as passwords and
credit card, social security, and bank account numbers, that the
legitimate organization already has.
The Web site, however, is bogus and set up only to steal the
user's information.
(c) Vishing
Vishing, otherwise known as "voice phishing", is the
use of social engineering over a telephone system to
gain access to private personal and financial
information from the public for the purpose of financial
reward. It is also employed by attackers for
reconnaissance purposes to gather more detailed
intelligence on a target organization.
Phone calls may be automated message systems
recording all your inputs. Sometimes, a live person
might speak with you to increase trust and urgency.
1.4: Discuss Various Tools In Information Security
Various Tools In Information Security
Function of the following tools
a. Network Mapper (Nmap)
b. Netstat
c. NetScan
A network mapper is the best tool to use to determine
the topology of the network and to find out what devices
and computers reside on that network. One example of
this is the Network Topology Mapper.
Netstat shows sessions including the local computer
and remote computer. It shows these connections by
computer name (or IP) and port name (or number).
NetScans are processes in which LogicMonitor
Collectors periodically look for and automatically
discover devices in your network. NetScans streamline
the adding of devices to your LogicMonitor account,
which helps ensure your entire environment is properly
monitored.
NETWORK MAPPER
Nmap is a free and open source utility for network
discovery and security auditing.
Nmap supports all OS platforms, such as:
Linux/Unix
Microsoft
Mac
Basic nmap functions
1) Host Discovery
- Which hosts are up (IP addresses)
- Ping scans
2) Port Scanning
- Which ports of a target host have servers listening on them
- Allows a guess of the software and services a machine is running
3) OS Detection
- TCP/IP fingerprinting
NETSTAT
Common attacks may target port 21 (ftp) and port 23
(telnet).
A hacker can connect to these ports to obtain a view of
the directory structure, download and upload files,
and, if the password is compromised, connect to the
host with complete control.
Netstat examines both basic TCP and UDP
connections.
Netstat has the ability to filter between TCP and UDP.
Netstat can select a particular protocol, including IP,
ICMP, tcpv6 and udpv6, etc.
Netstat displays protocol statistics and current TCP/IP
network connections using the following command
switches:
Using Multiple Switches
The user can specify multiple switches on the command line. The
following two forms are equivalent:
netstat -an
netstat -a -n
There is no limit on how many switches you use, as long as the switches
are compatible with each other.
For example, using the n switch with the r switch yields the results of a
standard r switch.
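The output of netstat -an can be checked for the two cleartext services named earlier, port 21 (ftp) and port 23 (telnet). The following is an added example, not part of the original slides; the sample output is constructed in the Windows netstat layout, and the function name `cleartext_sockets` is hypothetical.

```python
# Constructed sample of "netstat -an" output (Windows column layout assumed).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:23          198.51.100.7:50312     ESTABLISHED
  TCP    192.0.2.10:49712       203.0.113.9:443        ESTABLISHED
  TCP    [::]:23                [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}

def cleartext_sockets(netstat_text):
    """Return (service, local, foreign, state) for ftp/telnet sockets on this host."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows start with the protocol; headers and blank lines do not.
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[:3]
        state = fields[3] if len(fields) > 3 else ""   # UDP rows carry no state
        # rsplit keeps IPv6 addresses such as [::]:23 intact.
        port_text = local.rsplit(":", 1)[-1]
        if not port_text.isdigit():
            continue
        service = CLEARTEXT_PORTS.get(int(port_text))
        if service and proto == "TCP" and state in ("LISTENING", "ESTABLISHED"):
            results.append((service, local, foreign, state))
    return results

if __name__ == "__main__":
    for row in cleartext_sockets(SAMPLE_NETSTAT):
        print(*row)
```

A LISTENING row means the service is exposed; an ESTABLISHED row means a remote host is currently connected to it.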
NETSCAN
NetScan is a powerful, flexible network monitoring
system that extracts information directly from the
control and user plane and makes it accessible in real-
time.
In addition to full, end-to-end capabilities, NetScan
offers continuous monitoring of 100% of transactions
in real-time, ensuring that no data is lost or information
missed.
All transactions in the network are captured,
processed, consolidated and stored for real-time or
historic reporting.
It offers many important features for every mobile
operator.
GROUP DISCUSSION:
GOOGLE SLIDES
1.5: Describe Access to Data and Equipment
Access to Data and Equipment
Data Wiping
Hard Drive Destruction
Hard Drive Recycling
Data wiping
Data wiping is a software-based method of overwriting
the data that aims to completely destroy all
electronic data residing on a hard disk drive or other
digital media.
Wipe, in a computing context, means to render all data
on a hard drive unreadable. The term is often used in
reference to making data stored on a computer,
smartphone or tablet inaccessible.
Hard drive destruction
A hard drive destruction attack is an exploit that destroys
physical computer and electronic equipment.
It can be enabled simply as a result of physical access
to the computer hardware, along with a tool for attack –
which could also be as simple as a hammer or a cup of
coffee.
Hard drive recycling
Hard drive reuse
Uses high-capacity shredders to destroy all data-
bearing media.
The entire hard drive, including platters, is shredded
into small pieces, making it impossible to reconstruct the
media or data.
Hardware protection method is applicable.
GROUP DISCUSSION:
1. FIND A VIDEO ABOUT:
HOW TO WIPE DATA
HOW TO DESTROY A HARD DRIVE
HOW TO RECYCLE A HARD DRIVE
2. EXPLAIN EACH VIDEO (5W, 1H)
End of subtopic 1.3, 1.4 and 1.5