Meeting 39. Guest Speaker Dr. Williams CEH Networking

Similar documents
Meeting 40. CEH Networking

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

CyberP3i Course Module Series

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Fundamentals of Computer Networking AE6382

20-CS Cyber Defense Overview Fall, Network Basics

Hands-On TCP/IP Networking

ch02 True/False Indicate whether the statement is true or false.

Security Device Roles

Network Security. Thierry Sans

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Networking By: Vince

Networking 101 By: Stefan Jagroop

Training UNIFIED SECURITY. Signature based packet analysis

6 Computer Networks 6.1. Foundations of Computer Science Cengage Learning

Introduction to TCP/IP

Network Protocols - Revision

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

Network+ Guide to Networks 6 th Edition. Chapter 4 Introduction to TCP/IP Protocols

CS155 Firewalls. Why Firewalls? Why Firewalls? Bugs, Bugs, Bugs

Computer Network Vulnerabilities

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Features of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy

CNBK Communications and Networks Lab Book: Purpose of Hardware and Protocols Associated with Networking Computer Systems

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

UIP1869V User Interface Guide

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

TCP/IP Transport Layer Protocols, TCP and UDP

Networking Theory CSCI 201 Principles of Software Development

4. The transport layer

PRACTICAL NETWORK DEFENSE VERSION 1

Sirindhorn International Institute of Technology Thammasat University

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

CHCSS. Certified Hands-on Cyber Security Specialist (510)

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Sybex CCENT Chapter 12: Security. Instructor & Todd Lammle

CIT 380: Securing Computer Systems. Network Security Concepts

Hands-On Activity. Firewall Simulation. Simulated Network. Firewall Simulation 3/19/2010. On Friday, February 26, we will be meeting in

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Chapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

Introduction to Firewalls using IPTables

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

Defining Networks with the OSI Model. Module 2

CompTIA Network+ Study Guide Table of Contents

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Analyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS

Network+ Guide to Networks, Seventh Edition Chapter 2, Solutions

PROTECTING INFORMATION ASSETS NETWORK SECURITY

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Networking Fundamentals. An Introduction to Networks. tel: +44 (0) fax: +44 (0) web:

TCP/IP Fundamentals. Introduction. Practice Practice : Name. Date Period

GT Apiary: Remote Honeypots

Insight Guide into Securing your Connectivity

Cisco Packet Tracer 6.1 Frequently Asked Questions

Remote Connection to Your Computers

Virtual-Machine-Based Network Exercises for Introductory Computer Networking Courses

Hands-On Ethical Hacking and Network Defense

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras

Introduction to Network. Topics

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Cybersecurity in 2016 and Lessons learned

Minimum Security Standards for Networked Devices

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

01/17/08 TDC /17/08 TDC363-03

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

Monitoring the Device

Lab 1: Packet Sniffing and Wireshark

Education Network Security

Transport Layer (TCP/UDP)

Networks and Communications MS216 - Course Outline -

VG422R. User s Manual. Rev , 5

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Public or Private (1)

Internet Security: Firewall

ECE 435 Network Engineering Lecture 23

Firewall Evasion Lab: Bypassing Firewalls using VPN

Implementing Cisco Network Security (IINS) 3.0

Networking and Health Information Exchange: ISO Open System Interconnection (OSI)

Basics of executing a penetration test

Software Engineering 4C03 Answer Key

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

REQUIREMENTS TECHNICAL EXAM CHEAT SHEET

Understanding the Internet

The StrideLinx Remote Access Solution comprises the StrideLinx router, web-based platform, and VPN client.

CS 356 Internet Security Protocols. Fall 2013

Protocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017

Man in the middle. Bởi: Hung Tran

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

The Internet of Things. Steven M. Bellovin November 24,

AT&T SD-WAN Network Based service quick start guide

Chapter 7. Local Area Network Communications Protocols

9th Slide Set Computer Networks

TCP /IP Fundamentals Mr. Cantu

Part VI. Appendixes. Appendix A OSI Model and Internet Protocols Appendix B About the CD

Computer Networking Fundamentals

Forensic Network Analysis in the Time of APTs

Transcription:

Cyber@UC Meeting 39 Guest Speaker Dr. Williams CEH Networking

If You re New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Ongoing Projects: Malware Sandboxing Lab Cyber Range RAPIDS Cyber Op Center

Announcements Dr. Williams Visiting We re planning school visits, reach out! Logo designs welcome! Board Game Night!!! February 2nd, next Friday

Public Affairs Please fill out Google form for GroupMe Numbers! https://goo.gl/forms/94i9kmjgtpdgxsc22 Our brand new YouTube channel has just been made. We will be live streaming meetings, events, etc and posting relevant videos to the channel. Please subscribe! youtube.com/channel/ucwcjuk7a_1ndj4m-chwvifw Follow us on our social media: Facebook: Twitter: Instagram: Website: facebook.com/cyberatuc/ twitter.com/ucyb3r instagram.com/cyberatuc/ gauss.ececs.uc.edu/uc.yber/

Weekly Content

APT Review Dark Caracal They have been operating since at least 2012 Recently revealed by an exposed server on the open internet Focused around mobile phones instead of computers as a large-scale hacking group, one of the first of their kind Thousands of victims in over 21 countries Traced back to a building owned by the lebanese General Directorate of General Security(GDGS), one of the Lebanese intelligence agencies Targeted governments, military personnel, utilities, financial institutions, manufacturers, defense contractors, medical professionals, educators, academics, etc.

Dark Caracal (Continued) 4 personas within the group have been found through the leaked information and individuals believed to be matched with those personas have been identified. Conduct cyber attack campaigns across multiple platforms: Android, Windows, Mac, and Linux on targets in NA, EU Middle East, and Asia. Stolen documents, call records, text messages, audio recordings, browsing history, contacts, photos, location data. Relied on Social Engineering and non zero-day exploits through Facebook and WhatsApp messaging.

Dark Caracal (continued) After visiting malicious sites, victims were served fake updates to secure apps, like WhatsApp which would eventually download the Dark Caracal malware called Pallas onto the mobile device. Pallas is capable of stealing most of the information on your phone, like two-factor authentication codes, texts, etc. Pallas relies on permission granted at installation to access data. Dark Caracal also makes use of FinFisher and CrossRAT. Overall Dark Caracal has stolen over 252,000 contacts, 485,000 texts, and 150,000 call records from android devices alone. Sensitive data like bank information has also been stolen.

Dark Caracal Sources https://thehackernews.com/2018/01/dark-caracal-android-malware.html https://info.lookout.com/rs/051-esq-475/images/lookout_dark-caracal_srr_201 80118_us_v.1.0.pdf https://blog.lookout.com/dark-caracal-mobile-apt https://en.wikipedia.org/wiki/finfisher

Guest Speaker: Dr. Williams

Part 2: Systems Overview My cat might have to have his one remaining tooth removed.

Differences from last week Based on everyone s feedback and input: - More Color - More Graphics - More Content And as promised: - Things you can do to follow along - This week will be more technical

The Topics Today Go Something Exactly Like This - Single Systems - Common OS Arch-Types - Small Networks - Data Bus - IPv4, MAC, & Ports - TCP and UDP - NAT and DHCP - FireWalls - Large Networks - Switches and Hubs - Intrusion Detection Systems - IPv4 & IPv6 - VPN - Inter-Networks - DNS & ICANN

We have a single system, but what is on it?

We have a handful of systems, how do we connect them? - At a high level, we just connect all of the devices on one network - For this abstract purpose, assume we can connect clients, servers, and peripherals directly to the same network

How do we tell these individual devices apart? 192.168.0.5 - Follow along with: - ipconfig /a for Windows - ifconfig for Linux and Mac - We can give each device a physical address (MAC) which is integrated into the device s network connector - We can give each device a network-specific address (IP) which is given to the device when it connects to the network - Typically applications that access the network will use IP address to connections 192.168.0.7

More on IPv4 - Most of the world uses IPv4 - IPv4 is starting to be replaced by IPv6 which allows larger networks - The first three octets make the network address, which details the network the host is connected to - The fourth number is the host address, which is the individual device identifier on the network - You can think of an IPv4 address as being similar to a house number and street address. - You can request an new IP from a network if you don t want to use the one you were assigned 192.168.0.1 2716 Jefferson

More on MAC - The MAC address is assigned to the network card when it is manufactured - MAC addresses identify both the manufacturer of the interface and the interface itself - Because the MAC is tied to the network through software, it is quite trivial to change your MAC address through a tool such as macchanger - MAC addresses could once be used to track devices but most modern devices will randomize their MAC when joining a new network to prevent this ff:ff:ff:aa:aa:aa

Ports Port Protocol Application 20 TCP FTP Data 21 TCP FTP control - To tell apart data that is sent to specific programs on the computer we use ports - Ports are numbered on the range 1-65535 but typically only the lower 800 are used for most applications - Web servers use port 80 as a standard HTTP port - Applications are not explicitly bound to a certain port, it s just common practice to use certain ports with certain applications 22 TCP SSH 23 TCP Telnet 25 TCP SMTP 53 Both DNS 67,68 UDP DHCP 80 TCP HTTP 443 TCP SSL

How do we send data between systems? - Transport Control Protocol (TCP) - Two systems establish a connection stream, then end the connection when data is transferred. - Involves a 3 way handshake followed by a finish packet. SYN, SYN-ACK, ACK - Provides error correction - Typically used for sending large amounts of data and verifying the reception of data. - User Datagram Protocol (UDP) - No connection is established. - Requires no handshake. - Provides no error correction. - Typically used for small, one way data transmission or one to many (multicast)transmissions.

Network Address Translation (NAT) - We would run out of IPv4 addresses very quickly if every device was given a unique NAT identifier. - Instead, typically your home router is assigned a public IP and then gives the devices behind it internal IP addresses via DHCP - The outside world will see your routers IP 75.123.52.41

Dynamic host Configuration Protocol (DHCP) 75.123.52.41 - Because you need an IP address to talk to other computers your router can assign internal network IP s. - Typically this IP range starts at 192.168.0.1 with the router and counts up. Another common IP range would be 10.#.#.1 etc. - You can also request a specific network address from the router. 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4

Fire Walls Good and Bad Internet Traffic - Most routers also have a firewall built in, just not a good one. - Firewalls are supposed to let good things through and keep bad things out. - They are typically passive systems that follow simple allow/disallow rules that correspond to certain ports. - Example: allow TCP over port 80 (http). Good Internet Traffic

Large Networks - Large networks such as major business require multiple layers of security - Large networks may include several smaller networks for different purposes - You may have a full access network, a restricted development network, and an air gapped internal only network all in one building - Large networks will start to use more advanced hardware that home networks typically won t need.

Switches and Hubs - Switches and hubs are simple ways of extending network access physically - Switches will send network traffic only to the intended receiver - Hubs will send network traffic to all receivers

Intrusion Detection Systems (IDS) - Intrusion Detection Systems will monitor traffic on a network and look for things that look malicious and report the event - A field of research for IDS s is implementing machine learning to detect malicious patterns. IDS

Intrusion Prevention Systems (IPS) - Intrusion Prevention Systems will monitor traffic on a network and function as a dynamic firewall. - IPS s are active when compared to passive firewalls. - IPS s are inline just as a firewall are.. - Unlike intrusion DETECTION systems, Intrusion PREVENTION systems will cut off access/quatertine hosts that show malicious activity. IPS

IPv6 - IPv6 is meant to replace IPv4 in the future - IPv6 uses hexadecimal to distinguish from IPv4 - IPv4 addresses are only 32 bits long whereas - IPv6 addresses are 128 bits long 2001:0db8:85a3:0000:0000:8a2e:0370:7334 4563 West Street

Virtual Private Networks (VPN) - VPN s are a way of allowing two or more systems to act as if they are on the same local area network over the internet - VPN s can be used for users to remotely connect into work site services - UC provides a VPN for faculty and students - We used OpenVPN to connect with Franco s class for the red team operation

Domain Name Servers (DNS) - You can identify a website as an IP or domain name. - DNS allows a domain to link to an address. - DNS records are kept on DNS servers. - DNS records can be thought of like a phone book for the internet. DNS Name -> IP Address www.google.com -> 172.217.2.36

Sample Questions - Here are a few questions you may see on the CEH exam.

1. What device acts as an intermediary between an internal client and a web resource? A. Router B. PBX C. VTC D. Proxy

2. What is the proper sequence of the TCP three-way handshake? A. SYN-ACK, ACK, ACK B. SYN, SYN-ACK, ACK C. SYN-SYN, SYN-ACK, SYN D. ACK, SYN-ACK, SYN

3. A scan of a network shows that port 23 is open; what protocol is this aligned with? A. Telnet B. NetBIOS C. SSH D. SMTP

4. Which technology allows the use of a single public address to support many internal clients? A. VPN B. Tunneling C. NTP D. NAT

5. Which of these protocols is a connection-oriented protocol? A. FTP B. UDP C. POP3 D. TCP

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback