
Session 1 & 2

Course: Advanced Network Security & Monitoring

Topic: Introduction to Network Security


Why Ethical Hacking is Necessary?

Accredited and Copyright © 2017 by


Security

Security
• Freedom from risk or danger; Safety
• Measure adopted to prevent a crime; peace
• Freedom from doubt, anxiety, or fear; confidence

Network Security
• Mechanisms to prevent, detect and recover from network attacks, or for auditing purposes
• “Protecting tomorrow’s systems against yesterday’s threats”

Session 1 Introduction to Network Security. All Rights Reserved 2


Terminology

• Assets and Liabilities


• Policies
• Security Breaches
• Vulnerabilities

• Attacks
• Threats
• Thread Integrity



Security Goal
• Three main objectives of security
• Confidentiality
• Integrity
• Availability



Elements of Information Security

• Physical Elements

• System Elements

• Process Elements



Internet Crime Current

• 431 million adults experienced cybercrime in the last year

• 1+ million daily victims (14 each second)

• 79% of Internet users online 49+ hours per week have been victims

• 1 in 2.27 = odds that a consumer becomes a cybercrime victim

• $388 billion total cost of cybercrime



The Security, Functionality, and Usability

The S.F.U (Security, Functionality, Usability/Ease of Use) triad is a widely used security triad.
Using the S.F.U Security Triad
• Simply focusing on any one individual factor will severely impair the others.
• An increase in Security will impair Functionality and Usability
• An increase in Functionality will cause vitiation of Security and Usability
• An increase in Usability will reduce Security and Functionality



Hacker and Ethical hacker

• Hackers
– Access computer system or network without authorization
– Breaks the law; can go to prison

• Ethical hacker
– Performs most of the same activities but with owner’s
permission
– Employed by companies to perform penetration tests

• What you can do legally as an ethical hacker


• What you cannot do as an ethical hacker



What You Can Do Legally

• As an ethical hacker, be aware of what is allowed and what is not allowed
– Laws involving technology change as rapidly as technology itself
– Find what is legal for you locally
• Laws change from place to place

• Some hacking tools on your computer might be illegal to possess
– Contact local law enforcement agencies before installing hacking tools



What You Cannot Do Legally

• Accessing a computer without permission is illegal


• Other illegal actions
– Installing worms or viruses
– Denial of Service attacks
– Denying users access to network resources
• As an independent contractor (ethical hacker), using a
contract is just good business
– Contracts may be useful in court
– Internet can also be a useful resource
– Have an attorney read over your contract before sending
or signing it



Network Scanning

The purpose of network scanning is as follows:


• Recognize available UDP and TCP network services running on the
targeted hosts
• Recognize filtering systems between the user and the targeted
hosts
• Determine the operating systems (OSs) in use by assessing IP
responses
• Evaluate the predictability of the target host's TCP sequence numbers to determine its susceptibility to sequence prediction attacks and TCP spoofing
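
To make the last point concrete from an auditor's side, the following added example (not part of the original slides) scores how predictable a host's initial sequence numbers (ISNs) look, given samples already collected from a system you are responsible for. The function names, the 20-bit threshold and the sample values are assumptions constructed for illustration; the spread-of-deltas measure is a coarse heuristic, not a statistical randomness test.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2^32 so wraparound is handled."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def assess_isns(isns, weak_bits=20):
    """Classify ISN samples by how widely the step between them varies.

    Returns (label, bits), where bits is the bit length of the spread
    between the smallest and largest step. weak_bits is an assumed cutoff.
    """
    if len(isns) < 4:
        raise ValueError("need at least 4 ISN samples")
    deltas = isn_deltas(isns)
    spread = max(deltas) - min(deltas)
    bits = spread.bit_length()
    if bits == 0:
        label = "constant-increment"   # next ISN is fully determined
    elif bits < weak_bits:
        label = "narrow-window"        # next ISN falls in a small range
    else:
        label = "no-visible-pattern"   # consistent with randomized ISNs
    return label, bits


# Constructed samples (not captured from any real host).
CONSTANT_STEP = [4294900000, 4294964000, 60704, 124704, 188704, 252704]
JITTERED_STEP = [1000, 129010, 257150, 385100, 513290, 641300]
RANDOM_LIKE = [0x9E3779B9, 0x1B873593, 0xCC9E2D51,
               0x85EBCA6B, 0x27D4EB2F, 0xC2B2AE35]

if __name__ == "__main__":
    for name, sample in [("constant", CONSTANT_STEP),
                         ("jittered", JITTERED_STEP),
                         ("random-like", RANDOM_LIKE)]:
        print(name, assess_isns(sample))
```

A host that lands in the first two categories is the kind the slide's sequence-prediction concern applies to; modern stacks that randomize ISNs should land in the third.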



Conti…

• Gather information regarding computing systems.
• Security assessment
• System maintenance
• Performing attacks by hackers.



Penetration test

• Penetration test
– Legal attempt to break into a company’s
network to find its weakest link
– Tester only reports findings



Security test

• Security test
– More than an attempt to break in; also
includes analyzing company’s security policy
and procedures
– Tester offers solutions to secure or protect
the network



Penetration-Testing Methodologies

• Penetration-Testing Methodologies

– White box model

– Black box model

– Gray box model



White box model

– Tester is told everything about the network topology and technology

– Tester is authorized to interview IT personnel and company employees

– Makes the tester's job a little easier



Black box model

– Company staff does not know about the test

– Tester is not given details about the network
• Burden is on the tester to find these details

– Tests if security personnel are able to detect an attack



Gray box model

– Hybrid of the white and black box models

– Company gives tester partial information
