J. A. Drew Hamilton, Jr., Ph.D. Director, Center for Cyber Innovation Professor, Computer Science & Engineering
1 J. A. Drew Hamilton, Jr., Ph.D. Director, Center for Cyber Innovation Professor, Computer Science & Engineering CCI Post Office Box 9627 Mississippi State, MS Voice: (662) Fax: (662) Mississippi State University Center for Cyber Innovation 1
2 Section Objectives
- Describe sniffing concepts, including active and passive sniffing and protocols susceptible to sniffing
- Describe ethical hacking techniques for Layer 2 traffic
- Describe sniffing tools and understand their output
- Describe sniffing countermeasures
- Learn about intrusion detection system (IDS), firewall, and honeypot types, use, and placement
- Describe signature analysis within Snort
- Describe IDS, firewall, and honeypot evasion techniques
3 Sniffing and Evasion
Dr. Drew Hamilton
- Reference: Aarti Dhone, UNR
- Reference: Behrouz Forouzan, McGraw-Hill's TCP/IP Protocol Suite
- Reference: Matt Walker, All-in-One CEH Certified Ethical Hacker
4 Active and Passive Security Threats
- Passive Threats: Traffic Analysis, Compromise of Message Contents
- Active Threats: Masquerade, Replay, Denial of Service, Msg Content Modification
5 Packet Sniffers
Packet Sniffer Definition: A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic.
Components of a packet sniffer:
- Hardware: standard network adapters.
- Capture Filter: This is the most important part. It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.
- Buffers: used to store the frames captured by the Capture Filter.
- Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to sift the traffic for intrusion detection.
- Decoder: protocol analysis.
6 How does a Sniffer Work?
- Sniffers also work differently depending on the type of network they are in: Shared Ethernet, Switched Ethernet
- Detecting a sniffer: ARP, Ping, DNS
7 Packet Sniffer Mitigation
[Diagram: Host A, Router A, Router B, Host B]
The following techniques and tools can be used to mitigate sniffers:
- Authentication: Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers.
- Switched infrastructure: Deploy a switched infrastructure to counter the use of packet sniffers in your environment.
- Antisniffer tools: Use these tools to employ software and hardware designed to detect the use of sniffers on a network.
- Cryptography: The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.
8 Top 11 Packet Sniffers
- Wireshark
- Kismet
- Tcpdump
- Cain and Abel
- Ettercap
- Dsniff
- NetStumbler
- Ntop
- Ngrep
- EtherApe
- KisMAC
9 What are sniffers used for?
- Detection of clear-text passwords and usernames from the network.
- Conversion of data to human readable format so that people can read the traffic.
- Performance analysis to discover network bottlenecks.
- Network intrusion detection in order to discover hackers.
10 Review: IPv4 Packet Header
11 IPv6 Address Truncation (Prowse)
Consider IPv6 address 2001:7120:0000:8001:0000:0000:0000:1F10
3 parts:
- Global routing prefix: 2001:7120:0000
- Subnet: 8001
- Interface ID: 0000:0000:0000:1F10
Truncation:
- 1st: remove any leading zeroes
- 2nd: any group of 4 zeroes can be truncated down to a single zero
- 3rd: one consecutive group of zeroes can be truncated as a double colon (so 0000:0000:0000 becomes ::)
Result: 2001:7120:0:8001::1F10
12 IPv6 Addressing Notes
- IPv6 loopback address is Truncates To ::1
- Double colon can only be used once in an IPv6 address
13 Wireless Sniffing
If you're on the wireless web, you're at risk!
Hackers can steal s
- Usernames and Passwords
- Credit card numbers
- Anything you type on a website that doesn't use SSL (HTTPS)
Tools of the Trade
- Wireshark: freely available online; captures traffic (HTTPS/pop/etc) of everyone on a given network
- Special Wireless Card: Promiscuous Mode; inexpensive (~$30)
14 Wireshark
15 Exam Notes: Walker
- The IPv4 loopback address (denoting the software loopback of your own machine) is
- MAC address of broadcast messages is FF:FF:FF:FF:FF:FF
- The MAC address (a.k.a. physical address) that is burned onto a NIC is actually made of two sections. The first half of the address, consisting of 3 bytes (24 bits), is known as the organizational unique identifier and is used to identify the card manufacturer. The second half is a unique number burned in at manufacturing to ensure no two cards on any given subnet will have the same address.
16 WinPcap: the Free Packet Capture Library for Windows
WinPcap is an open source library for packet capture and network analysis for the Win32 platforms. It includes a kernel-level packet filter, a low-level dynamic link library (packet.dll), and a high-level and system-independent library (wpcap.dll, based on libpcap version 0.6.2).
- The packet filter is a device driver that adds to Windows 95, 98, ME, NT, 2000, XP and 2003 the ability to capture and send raw data from a network card, with the possibility to filter the captured packets and store them in a buffer.
- Packet.dll is an API that can be used to directly access the functions of the packet driver, offering a programming interface independent from the Microsoft OS.
- Wpcap.dll exports a set of high-level capture primitives that are compatible with libpcap, the well-known Unix capture library. These functions allow packets to be captured in a way that is independent of the underlying network hardware and operating system.
WinPcap is released under a BSD-style license.
17 Nmap
Free Network Scanner for Network Exploration and Security
18 Snort
- The de facto standard for intrusion detection and prevention
- Simple, Efficient FREE IDS
- Very well-written and maintained, robust application
- Snort is driven by a set of (community developed) rules
- Actively (constantly) under development
- Windows and UNIX versions available
19 Snort
- Alerts generated and/or packets logged when a "rule" is triggered.
- Very simple rule language for writing your own rules
- Ability to log alerts to syslog, directories in ascii, tcpdump format raw data
- Different alert styles from one-line, to verbose
- Modular "plug-in" architecture for adding functionality
- Many available plug-ins, including SQL and Oracle database logging, statistical analysis, TCP stream and telnet session reassembly, active response using "sniping"
- Resistant against some of the newer attacks directed at foiling IDSs
20 Ethereal Protocol Analyzer
- Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education.
- Its open source license allows talented experts in the networking community to add enhancements.
- It runs on all popular computing platforms, including Unix, Linux, and Windows.
- Data can be captured "off the wire" from a live network connection, or read from a capture file.
- 673 protocols can currently be dissected.
21 Ethereal
- Ethereal can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime.
- It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS.
- Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
- Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE , Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
- Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
- Capture files can be programmatically edited or converted via command-line switches to the "editcap" program.
22 Ethereal
23 Protocol Sniffing
- SMTP (Simple Mail Transfer Protocol)
  - SMTP (including V3) sends as plaintext
- FTP versus SFTP / SCP
  - Passes userids and passwords in the clear
- TFTP passes everything in the clear
- Other protocols with cleartext passwords: SNMPv1, NNTP, IMAP, POP3, HTTP
24 Address Mapping
The delivery of a packet to a host or a router requires two levels of addressing: logical and physical. We need to be able to map a logical address to its corresponding physical address and vice versa. This can be done using either static or dynamic mapping.
25 Address Mapping
- Anytime a host or a router has an IP datagram to send to another host or router, it has the logical (IP) address of the receiver.
- But the IP datagram must be encapsulated in a frame to be able to pass through the physical network. This means that the sender needs the physical address of the receiver.
- A mapping associates a logical address with a physical address.
- ARP accepts a logical address from the IP protocol, maps the address to the corresponding physical address, and passes it to the data link layer.
26 ARP Packet
27 Encapsulation of ARP Packet
Type: 0x0806
Ethernet frame fields: Preamble and SFD (8 bytes), Destination address (6 bytes), Source address (6 bytes), Type (2 bytes), Data, CRC (4 bytes)
28 Four Examples of Using ARP
29 ARP Example
A host with IP address and physical address B2:34:55:10:22:10 has a packet to send to another host with IP address and physical address A4:6E:F4:59:83:AB. The two hosts are on the same Ethernet network. Show the ARP request and reply packets encapsulated in Ethernet frames.
30 ARP Cache Poisoning
31 ARP Cache Poisoning
If a victim sends an ARP request and gets an ARP reply, ARP has no way to verify the correctness of the IP-to-MAC mapping.
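Because ARP itself cannot verify a mapping, the check has to come from a monitor that remembers what it has seen. The following is an added example, not part of the original slides: it parses Ethernet frames with Type 0x0806 and flags unsolicited replies and replies that rebind a known IP to a different MAC. The two host MACs are the ones from the ARP example slide; the 192.0.2.x addresses, the third MAC and all function names are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806            # Type field value from the encapsulation slide
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "FF:FF:FF:FF:FF:FF"


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac):
    """Build an in-memory Ethernet frame (no preamble/CRC) carrying one ARP packet."""
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # Hardware type 1 (Ethernet), protocol 0x0800 (IPv4), lengths 6 and 4, opcode.
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, or None."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "op": op,
        "eth_src": mac_text(eth_src),
        "sender_mac": mac_text(sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
    }


class ArpWatcher:
    """Passive monitor: keeps first-seen IP-to-MAC bindings and flags anomalies."""

    def __init__(self):
        self.bindings = {}     # IP -> first MAC seen claiming it
        self.pending = set()   # IPs somebody has asked about and not yet answered

    def observe(self, frame):
        pkt = parse_arp_frame(frame)
        if pkt is None:
            return []
        alerts = []
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if pkt["eth_src"] != mac:
            # Ethernet source and ARP sender hardware address disagree.
            alerts.append(("SRC_MISMATCH", ip, pkt["eth_src"], mac))
        if pkt["op"] == ARP_REQUEST:
            self.pending.add(pkt["target_ip"])
        elif pkt["op"] == ARP_REPLY:
            if ip in self.pending:
                self.pending.discard(ip)
            else:
                alerts.append(("UNSOLICITED_REPLY", ip, mac))
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(("REBIND", ip, known, mac))
        return alerts


def run_sample():
    """Replay three constructed frames: request, genuine reply, conflicting reply."""
    a_mac, a_ip = "B2:34:55:10:22:10", "192.0.2.10"   # MAC from the slide, IP constructed
    b_mac, b_ip = "A4:6E:F4:59:83:AB", "192.0.2.20"   # MAC from the slide, IP constructed
    other_mac = "02:00:00:00:00:99"                   # constructed third station
    frames = [
        build_arp_frame(ARP_REQUEST, a_mac, a_ip, "00:00:00:00:00:00", b_ip, BROADCAST),
        build_arp_frame(ARP_REPLY, b_mac, b_ip, a_mac, a_ip, a_mac),
        build_arp_frame(ARP_REPLY, other_mac, b_ip, a_mac, a_ip, a_mac),
    ]
    watcher = ArpWatcher()
    return [watcher.observe(frame) for frame in frames]


if __name__ == "__main__":
    for number, alerts in enumerate(run_sample(), start=1):
        print(number, alerts)
```

A replaced NIC or a reassigned address produces the same REBIND alert, so each alert needs triage against known changes.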
32 MAC Flooding
- All switches know are flooding or forwarding.
- If a switch receives a unicast msg, it will forward it to the port where the MAC address is connected.
- Switches can flood all of their ports.
- Switch uses Content Addressable Memory (CAM): cached table that maps MAC addresses to switch ports, e.g. MAC A is on port 1.
- Modern switches protect against MAC flooding, but may be susceptible to MAC spoofing.
33 MAC Flooding Attack
34 DHCP Starvation
Works by flooding the DHCP server to use up all available IP addresses
35 DHCP Snooping
- Mitigates DHCP starvation
- DHCP snooping is a layer 2 security technology built into the operating system of a capable network switch that drops DHCP traffic determined to be unacceptable.
- The fundamental use case for DHCP snooping is to prevent unauthorized (rogue) DHCP servers offering IP addresses to DHCP clients.
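How a snooping switch decides what is "unacceptable" can be modelled in a few lines. This is an added example, not part of the original slides and not any vendor's implementation: a simplified decision function with trusted and untrusted ports, a per-port rate limit, and a check that the DHCP client hardware address matches the frame's source MAC. Port numbers, MAC addresses, the lease address and the limit of 3 packets per second are all constructed.

```python
from collections import defaultdict, deque

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # only a DHCP server should send these


class DhcpSnoopingSwitch:
    """Simplified model of the per-packet decision a snooping switch makes."""

    def __init__(self, trusted_ports, max_per_second=3):
        self.trusted = set(trusted_ports)   # ports that lead to the real DHCP server
        self.max_per_second = max_per_second
        self.recent = defaultdict(deque)    # untrusted port -> recent packet times (ms)
        self.last_port = {}                 # client MAC -> untrusted port it spoke from
        self.bindings = {}                  # client MAC -> (leased IP, port)

    def inspect(self, port, msg_type, eth_src, chaddr, now_ms, yiaddr=None):
        """Return (verdict, reason) for one DHCP message seen on a port."""
        if port in self.trusted:
            # Learn the lease from the server's ACK so later checks can use it.
            if msg_type == "ACK" and yiaddr and chaddr in self.last_port:
                self.bindings[chaddr] = (yiaddr, self.last_port[chaddr])
            return ("forward", "trusted port")

        # Rate limit: count every DHCP packet on an untrusted port in a 1 s window.
        window = self.recent[port]
        while window and now_ms - window[0] >= 1000:
            window.popleft()
        if len(window) >= self.max_per_second:
            return ("drop", "rate limit exceeded")
        window.append(now_ms)

        # A server message on an untrusted port indicates a rogue DHCP server.
        if msg_type in SERVER_MESSAGES:
            return ("drop", "server message on untrusted port")

        # Starvation tools often vary chaddr while the frame's source MAC stays fixed.
        if eth_src != chaddr:
            return ("drop", "chaddr does not match source MAC")

        self.last_port[chaddr] = port
        return ("forward", "client message")


def run_sample():
    """Replay constructed events: a normal lease, a rogue offer, two request floods."""
    sw = DhcpSnoopingSwitch(trusted_ports={1}, max_per_second=3)
    client, server = "02:00:00:00:00:0A", "02:00:00:00:00:01"
    rogue, flooder = "02:00:00:00:00:66", "02:00:00:00:00:77"
    lease = "192.0.2.50"
    events = [
        (3, "DISCOVER", client, client, 0, None),
        (7, "OFFER", rogue, client, 100, lease),      # server message, untrusted port
        (1, "OFFER", server, client, 200, lease),
        (3, "REQUEST", client, client, 300, None),
        (1, "ACK", server, client, 400, lease),
        (5, "DISCOVER", flooder, "02:00:00:00:10:01", 1000, None),  # chaddr mismatch
        (5, "DISCOVER", flooder, "02:00:00:00:10:02", 1010, None),
    ]
    # Five requests in 40 ms from port 5, each with a matching but different MAC.
    for i in range(5):
        mac = f"02:00:00:00:20:{i:02X}"
        events.append((5, "DISCOVER", mac, mac, 5000 + 10 * i, None))
    results = [sw.inspect(*event) for event in events]
    return results, sw.bindings


if __name__ == "__main__":
    verdicts, table = run_sample()
    for verdict in verdicts:
        print(verdict)
    print(table)
```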
36 Screened Subnet Architectures
[Diagram: Internet, Exterior Router, Perimeter Network, Bastion Host, Interior Router, Internal Network]
37 What is a Bastion Host?
(SANS Institute Intrusion Detection FAQ)
- A bastion host is a computer that is fully exposed to attack. The system is on the public side of the demilitarized zone (DMZ), unprotected by a firewall or filtering router.
- Frequently the roles of these systems are critical to the network security system. Indeed the firewalls and routers can be considered bastion hosts.
- Due to their exposure a great deal of effort must be put into designing and configuring bastion hosts to minimize the chances of penetration.
- Other types of bastion hosts include web, mail, DNS, and FTP servers.
- Some network administrators will also use sacrificial lambs as bastion hosts; these systems are deliberately exposed to potential hackers to both delay and facilitate tracking of attempted break-ins.
38 Configuring a Bastion Host
- Effective bastion hosts are configured very differently from typical hosts.
- Each bastion host fulfills a specific role; all unnecessary services, protocols, programs, and network ports are disabled or removed.
- Bastion hosts do not share authentication services with trusted hosts within the network so that if a bastion is compromised the intruder will still not have 'the keys to the castle.'
- A bastion host is hardened to limit potential methods of attack.
39 Hardening a Bastion Host
- The specific steps to harden a particular bastion host depend upon the intended role of that host as well as the operating system and software that it will be running.
- Access Control Lists (ACLs) will be modified on the file system and other system objects; all unnecessary TCP and UDP ports will be disabled; all non-critical services and daemons will be removed; as many utilities and system configuration tools as is practical will also be removed.
- All appropriate service packs, hot fixes, and patches should be installed.
- Logging of all security related events needs to be enabled and steps need to be taken to ensure the integrity of the logs so that a successful intruder is unable to erase evidence of their visit.
- Any local user account and password databases should be encrypted if possible.
40 Proxy Servers: reality and illusion
Proxy systems deal with insecurity problems by avoiding user logins on the dual homed host and by forcing connections through controlled software.
[Diagram: Proxy Server, Bastion Host, Client, External Server; User's Illusion: User, External Host]
41 Proxy Servers
A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers have two major functions:
- Improve Performance: Proxy servers can dramatically improve performance because proxy servers save the results of all requests for a certain amount of time. Consider the case where both user X and user Y access the WWW through a proxy server. First user X requests a certain Web page, which we'll call Page 1. Sometime later, user Y requests the same page. Instead of forwarding the request to the Web server where Page 1 resides, which can be a time-consuming operation, the proxy server simply returns the Page 1 that it already fetched for user X. Since the proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers can support hundreds or thousands of users.
- Filter Requests: Proxy servers can also be used to filter requests. For example, a company might use a proxy server to prevent its employees from accessing a specific set of Web sites.
42 Securing the Network Apps
- The last step to securing a bastion host may be the most difficult: securing whatever network application the host is running.
- Very often the vendor of a web or streaming media server doesn't consider security risks while developing their product. It is usually up to the system administrator to determine through testing what ACLs they need to modify to lock down the network application as thoroughly as possible without disabling the very features that make it a useful tool.
- It is also necessary to closely track the latest announcements from the vendor regarding security problems, workarounds, and patches.
- The more popular network applications also tend to inspire the creation of independent mailing lists, newsgroups, and websites that can be tracked for additional insights.
43 Network Address Translation (NAT) (Cisco)
- Developed by Cisco, Network Address Translation is used by a device (firewall, router or computer) that sits between an internal network and the rest of the world.
- NAT has many forms and can work in several ways.
44 Static NAT
- Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
- Unregistered means a host with an IP address but no domain name registered in the DNS.
- In static NAT, the computer with the IP address of will always translate to
45 Dynamic NAT
- Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
- In dynamic NAT, the computer with the IP address will translate to the first available address in the range from to
46 Overloading
- Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
- In overloading, each computer on the private network is translated to the same IP address ( ), but with a different port number assignment.
47 Overlapping
- Overlapping - When the IP addresses used on your internal network are registered IP addresses in use on another network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses.
- It is important to note that the NAT router must translate the "internal" addresses to registered unique addresses as well as translate the "external" registered addresses to addresses that are unique to the private network. This can be done either through static NAT or by using DNS and implementing dynamic NAT.
- The internal IP range ( xx) is also a registered range used by another network. Therefore, the router is translating the addresses to avoid a potential conflict with another network. It will also translate the registered global IP addresses back to the unregistered local IP addresses when information is sent to the internal network.
48 Firewall Selection
- Single Purpose Router or a General Purpose Computer?
- Packet filtering should be the only activity on the device
- Combinations of proxy servers and/or bastion hosts may be implemented on the routing device
- Serious increase in hardware performance requirements
- Simple specification of rules
- Packet filtering is complicated to begin with because the protocols are complex; rule implementation should not add complexity.
- It should allow rules based on any header or meta-packet criteria
- Header information is in the packet
- Meta-packet information is what routers recognize outside of the header
49 Applying filtering rules
- Apply rules in the order specified
- Reordering makes it more difficult to analyze what is going on
- Any quirks or bugs in the rule set may be obscured
- Reordering rules can break a rule set that would otherwise work correctly
Example:
- Rule A permits the university network to reach your research subnet
- Rule B locks a hostile subnet at the university out of everything else
- Rule C disallows Internet access to your subnet
- Rule order ABC: Packet from hostile subnet allowed to research subnet (rule A)
- Rule order BAC: Packet from hostile subnet denied access to research subnet (rule B)
- Rule may have limited granularity
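The ABC versus BAC outcome can be reproduced with a first-match evaluator. This is an added example, not part of the original slides: the slide names no addresses, so the university, hostile, site and research ranges below are constructed from documentation prefixes, and `order_sensitive_pairs` goes beyond the slide by listing the rule pairs whose relative order changes the verdict.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (documentation ranges), not taken from the slides.
UNIVERSITY = "198.51.100.0/24"
HOSTILE = "198.51.100.64/26"      # a subnet inside the university network
MY_NET = "203.0.113.0/24"         # "your subnet"
RESEARCH = "203.0.113.128/25"     # research subnet inside MY_NET
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))


def evaluate(rules, src_ip, dst_ip, default="deny"):
    """Apply rules in the order given; the first match decides the packet."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.name
    return default, None


def order_sensitive_pairs(rules):
    """List (earlier, later) rule pairs that overlap and have different actions.

    For any packet in the overlap, swapping the two rules flips the verdict,
    so these are the pairs a reviewer must check when rules are reordered.
    """
    pairs = []
    for index, first in enumerate(rules):
        for later in rules[index + 1:]:
            if (first.action != later.action
                    and ip_network(first.src).overlaps(ip_network(later.src))
                    and ip_network(first.dst).overlaps(ip_network(later.dst))):
                pairs.append((first.name, later.name))
    return pairs


# The three rules from the slide, expressed over the constructed ranges.
A = Rule("A", "permit", UNIVERSITY, RESEARCH)   # university may reach research subnet
B = Rule("B", "deny", HOSTILE, ANY)             # hostile subnet locked out of everything
C = Rule("C", "deny", ANY, MY_NET)              # no Internet access to your subnet

HOSTILE_HOST = "198.51.100.70"     # constructed sample hosts
UNIVERSITY_HOST = "198.51.100.10"
INTERNET_HOST = "192.0.2.5"
RESEARCH_HOST = "203.0.113.130"


if __name__ == "__main__":
    for label, order in (("ABC", [A, B, C]), ("BAC", [B, A, C])):
        print(label, evaluate(order, HOSTILE_HOST, RESEARCH_HOST),
              order_sensitive_pairs(order))
```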
50 More packet filtering guidelines
- Allow rules to be applied separately to incoming and outgoing packets on a per-interface basis to provide maximum flexibility
- When only outgoing packets can be viewed:
- The filtering system is always outside of its filters
- More difficult to detect forged packets
- Forgery is most easily detected when the packet enters from outside the system
- Routers can generate packets themselves and sometimes process internal packets (due to fixed paths for example).
- Filtering outgoing packets only is more complicated when the router has multiple ports
- Allow option to log accepted or dropped packets
- Support good testing and validation capabilities
51 Honeypots
- High interaction honeypots simulate all services and applications and are designed to be completely compromised.
- Low interaction honeypots simulate limited services and cannot be completely compromised.
52 Summary
Section Objectives
- Describe sniffing concepts, including active and passive sniffing and protocols susceptible to sniffing
- Describe ethical hacking techniques for Layer 2 traffic
- Describe sniffing tools and understand their output
- Describe sniffing countermeasures
- Learn about intrusion detection system (IDS), firewall, and honeypot types, use, and placement
- Describe signature analysis within Snort
- Describe IDS, firewall, and honeypot evasion techniques
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationIdentify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)
Course Outline Network+ Duration: 5 days (30 hours) Learning Objectives: Install and configure a network card Define the concepts of network layers Understand and implement the TCP/IP protocol Install
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationCTS2134 Introduction to Networking. Module 08: Network Security
CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting
More informationHands-On TCP/IP Networking
Hands-On Course Description In this Hands-On TCP/IP course, the student will work on a live TCP/IP network, reinforcing the discussed subject material. TCP/IP is the communications protocol suite on which
More informationIntroduction to Computer Networks. CS 166: Introduction to Computer Systems Security
Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationACCURATE STUDY GUIDES, HIGH PASSING RATE! Question & Answer. Dump Step. provides update free of charge in one year!
DUMP STEP Question & Answer ACCURATE STUDY GUIDES, HIGH PASSING RATE! Dump Step provides update free of charge in one year! http://www.dumpstep.com Exam : MK0-201 Title : CPTS - Certified Pen Testing Specialist
More informationLayer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationCCNA Routing and Switching (NI )
CCNA Routing and Switching (NI400+401) 150 Hours ` Outline The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that is
More informationTestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified
TestOut Network Pro - English 4.1.x COURSE OUTLINE Modified 2017-07-06 TestOut Network Pro Outline - English 4.1.x Videos: 141 (18:42:14) Demonstrations: 81 (10:38:59) Simulations: 92 Fact Sheets: 145
More informationDefining Networks with the OSI Model. Module 2
Defining Networks with the OSI Model Module 2 Objectives Skills Concepts Objective Domain Description Objective Domain Number Understanding OSI Basics Defining the Communications Subnetwork Defining the
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationITdumpsFree. Get free valid exam dumps and pass your exam test with confidence
ITdumpsFree http://www.itdumpsfree.com Get free valid exam dumps and pass your exam test with confidence Exam : 312-50v10 Title : Certified Ethical Hacker Exam (CEH v10) Vendor : EC-COUNCIL Version : DEMO
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More information06/02/ Local & Metropolitan Area Networks 0. INTRODUCTION. 1. History and Future of TCP/IP ACOE322
1 Local & Metropolitan Area Networks ACOE322 Lecture 5 TCP/IP Protocol suite and IP addressing 1 0. INTRODUCTION We shall cover in this topic: 1. The relation of TCP/IP with internet and OSI model 2. Internet
More informationCertified Penetration Testing Consultant
Certified Penetration Testing Consultant Duration: 4 Days Language: English Course Delivery: Classroom COURSE BENEFITS The vendor neutral Certified Penetration Testing Consultant course is designed for
More informationCONTENTS IN DETAIL ACKNOWLEDGMENTS INTRODUCTION 1 PACKET ANALYSIS AND NETWORK BASICS 1 2 TAPPING INTO THE WIRE 17 3 INTRODUCTION TO WIRESHARK 35
CONTENTS IN DETAIL ACKNOWLEDGMENTS xv INTRODUCTION xvii Why This Book?...xvii Concepts and Approach...xviii How to Use This Book... xix About the Sample Capture Files... xx The Rural Technology Fund...
More informationImplementing Firewall Technologies
Implementing Firewall Technologies Network firewalls separate protected from non-protected areas preventing unauthorized users from accessing protected network resources. Technologies used: ACLs Standard,
More informationNetwork Security and Cryptography. December Sample Exam Marking Scheme
Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationBrief Contents. Acknowledgments... xv. Introduction...xvii. Chapter 1: Packet Analysis and Network Basics Chapter 2: Tapping into the Wire...
Brief Contents Acknowledgments... xv Introduction...xvii Chapter 1: Packet Analysis and Network Basics... 1 Chapter 2: Tapping into the Wire... 17 Chapter 3: Introduction to Wireshark... 37 Chapter 4:
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationChapter 7. Local Area Network Communications Protocols
Chapter 7 Local Area Network Communications Protocols The Network Layer The third layer of the OSI Model is the network layer. The network layer is concerned with providing a means for hosts to communicate
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationCSC Network Security
CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet
More informationNETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
NETWORK INTRUSION Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Recognize different
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationSE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer
SE 4C03 Winter 2003 Final Examination Answer Key Instructor: William M. Farmer (1) [2 pts.] Both the source and destination IP addresses are used to route IP datagrams. Is this statement true or false?
More informationChapter 2. Switch Concepts and Configuration. Part II
Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2 Switch Concepts and Configuration Configuring Switch Security MAC Address Flooding Passwords Spoofing Attacks Console Security Tools
More informationGuide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols
Guide to Networking Essentials, 6 th Edition Chapter 5: Network Protocols Objectives Describe the purpose of a network protocol, the layers in the TCP/IP architecture, and the protocols in each TCP/IP
More informationCHCSS. Certified Hands-on Cyber Security Specialist (510)
CHCSS Certified Hands-on Cyber Security Specialist () SYLLABUS 2018 Certified Hands-on Cyber Security Specialist () 2 Course Description Entry level cyber security course intended for an audience looking
More informationCCNA Exploration Network Fundamentals
CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing
More information10 Defense Mechanisms
SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationFundamentals of Network Security v1.1 Scope and Sequence
Fundamentals of Network Security v1.1 Scope and Sequence Last Updated: September 9, 2003 This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document
More informationCisco Cisco Certified Network Associate (CCNA)
Cisco 200-125 Cisco Certified Network Associate (CCNA) http://killexams.com/pass4sure/exam-detail/200-125 Question: 769 Refer to exhibit: Which destination addresses will be used by Host A to send data
More informationFeatures of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy
Que: -Proxy server Introduction: Proxy simply means acting on someone other s behalf. A Proxy acts on behalf of the client or user to provide access to a network service, and it shields each side from
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationCISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks
CISNTWK-440 Intro to Network Security Chapter 4 Network Vulnerabilities and Attacks Objectives Explain the types of network vulnerabilities List categories of network attacks Define different methods of
More informationApplied Networks & Security
Applied Networks & Security TCP/IP Networks with Critical Analysis http://condor.depaul.edu/~jkristof/it263/ John Kristoff jtk@depaul.edu IT 263 Spring 2006/2007 John Kristoff - DePaul University 1 Critical
More informationE&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang
E&CE 358: Tutorial 1 Instructor: Sherman (Xuemin) Shen TA: Miao Wang Email: m59wang@uwaterloo.ca 1 About Tutorials TA: Miao Wang Office: EIT 3133; Tutorials: Th 4:30 5:20 pm Topics Supplementary knowledge
More informationTCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12
TCP/IP Networking Training Details Training Time : 9 Hours Capacity : 12 Prerequisites : There are no prerequisites for this course. About Training About Training TCP/IP is the globally accepted group
More informationLab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology
Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives
More informationSharkFest 17 Europe. #35 Sneaking in The Backdoor. Hacking the Non-Standard Layers. Phill Sherlock Shade. Merlion s Keep Consulting.
SharkFest 17 Europe #35 Sneaking in The Backdoor Hacking the Non-Standard Layers 10 November 2017 Phill Sherlock Shade Merlion s Keep Consulting #sf17eu Estoril, Portugal #sf17eu Estoril, Portugal Merlion
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationTEXTBOOK MAPPING CISCO COMPANION GUIDES
TestOut Routing and Switching Pro - English 6.0.x TEXTBOOK MAPPING CISCO COMPANION GUIDES Modified 2018-08-20 Objective Mapping: Cisco 100-105 ICND1 Objective to LabSim Section # Exam Objective TestOut
More informationHands-On Ethical Hacking and Network Defense
Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified 1-11-17 Objectives Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationChapter 8 roadmap. Network Security
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing
More information