Classes:
- 1st octet 1-126: SN 255.0.0.0 (/8)
- 1st octet 128-191: SN /16
- 1st octet 192-223: SN /24
- 1st octet 240-247
TCP Header
1) Destination Port - 16bit; destination port
2) Sequence Number - 32bit; sequence number
3) Acknowledgment Number - 32bit; acknowledgment number
4) Offset - 4bit; where the data begins
5) Reserved - 6bit; always set to 0
6) Flags - 6bit; where the TCP flags are stored
7) Window Size - 16bit; amount of information that can be sent before an ack is expected
8) Checksum - 16bit; verifies the integrity of the header
9) Urgent Pointer - 16bit; used only with the URG flag; points to the last piece of information that is urgent
10) Options - variable length field; any additional settings
UDP - User Datagram Protocol
-connectionless/unreliable; UDP Header (4)
UDP Ports:
53 - DNS
67 and 68 - DHCP
69 - TFTP, download files w/o authentication
137 and 138 - NetBIOS and Datagram services
161 - Simple Network Management Protocol
Internet Protocol - packet delivery to the correct destination (sends data only)
IP Header structure:
1) Version - 4bit; version of IP
2) Header Length - 4bit; size of the IP header
3) Type of Service - 8bit; how the packet should be handled (ex. low delay)
4) Total Length - 16bit; total length
5) Identification - 16bit; identifies the fragment of an MTU (maximum transmission unit)
6) IP Flags - 3bit; how fragments will be handled (ex. More Fragments, Don't Fragment)
7) Fragment Offset - 13bit; order of the fragments
8) TTL - 8bit; when the packet expires; when TTL=0 the packet is discarded
9) Protocol - 8bit; TCP or UDP
10) Header Checksum - 16bit; integrity of the IP header
11) Source Address - 32bit; source IP address
12) Destination Address - 32bit; destination IP address
13) IP Options - variable length; other settings
ICMP - Internet Control Message Protocol
- enables TCP/IP networks to share status and error information (Ping and Tracert)
ICMP Type 8 - echo request message (ping)
ICMP Type 0 - ping reply
structure:
1) Type - 8bit; ICMP type
2) Code - 8bit; code
3) Checksum - 16bit; integrity
4) Other - any data
ARP reply
Types of Policies:
1) Standard Policy - needs to be followed
2) Guidelines - recommendations
3) Procedure Policy - step-by-step procedures for implementing a solution
Regulations and Standards:
ISO17799 - information security management
HIPAA - privacy of health care records
PII - can identify a person; Personal Identification
Policies in the Organization
1) Acceptable Use Policy - what an employee is allowed to use (laptop, PC, e-mail etc.)
2) Password Policy
3) Change Management Policy - changes in network configuration
4) Service Level Agreement - contract between your company and anyone providing services to the organization; sets the maximum amount of downtime that is allowed
5) Privacy Policy - educates customers on why information is collected
6) Information Classification Policy - defines the different classifications of information (top secret, secret, confidential, unclassified)
===============================================
Chapter 4: Types of Attacks
1) Social Engineering
A) Impersonation
B) Phishing
C) Shoulder Surfing - viewing an employee's desk or computer
D) Dumpster Diving - going through the victim's garbage
E) Tailgating
F) Hoaxes - giving false stories (email)
G) Whaling and Vishing - same as phishing but aimed at a specific person
Vishing - tricking people over the phone
2) Network Attacks
DOS - Denial of Service; overloading a system with requests; the network performs slowly and crashes
DDOS - Distributed Denial of Service; uses a number of systems (PCs) to perform the attack (zombie systems)
Spoofing - alters the source address info (IP, MAC, email); fake
Software: Nemesis, Hping2, Macchanger
Eavesdropping/Sniffing - captures network traffic and views its contents
Software (packet sniffing): Wireshark, tcpdump, airodump-ng
Replay - resubmits the captured traffic on the network, to generate more traffic
Man-in-the-Middle
DNS Poisoning - having DNS names point to incorrect IP addresses; altering the DNS cache
Pharming - leading someone to the wrong site by modifying the hosts file
ARP Poisoning - altering the ARP cache (stores each IP with its corresponding MAC address); used for MITM attacks
arp -a
SPAM
Privilege Escalation - user-level access being able to elevate its privileges
Port Scanning Attack
1) TCP connect scan - if they can complete the 3-way handshake, the port must be open
2) SYN scan - half-open scan or stealth scan; doesn't send ACKs
3) XMAS scan - has 3 of the six flags enabled (PSH, URG, FIN)
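As an added example that is not part of these notes, the Python below builds, parses and checksums an IPv4 header and a TCP header using the field layout listed in the TCP Header and IP Header sections above, and then labels, from the detection side, the SYN-only and PSH+URG+FIN flag combinations the port-scanning notes describe. The addresses, ports and sequence numbers are constructed sample values, and the flags field follows the 6-flag layout these notes use.

```python
import struct

# Added example, not from the notes: build, parse and checksum IPv4 and TCP headers
# using the field layout the notes list, then label the flag combinations the
# port-scanning notes describe. All addresses, ports and sequence numbers are
# constructed sample values.

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bits 0..5 of the 6-bit flags field


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4_header(src, dst, payload_len, ident=0x1234, ttl=64, proto=6, flags=0b010):
    """20-byte IPv4 header without options; flags=0b010 sets Don't Fragment, offset 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, ident,
                      flags << 13, ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]


def build_tcp_header(src, dst, sport, dport, seq, ack, flag_names, window=65535, urg=0):
    """20-byte TCP header; the checksum also covers the IP pseudo-header (src, dst, 0, proto, length)."""
    flag_bits = sum(1 << TCP_FLAGS.index(name) for name in flag_names)
    seg = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flag_bits, window, 0, urg)
    pseudo = ip_to_bytes(src) + ip_to_bytes(dst) + struct.pack("!BBH", 0, 6, len(seg))
    return seg[:16] + struct.pack("!H", ones_complement_sum(pseudo + seg)) + seg[18:]


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, tos, total_len, ident, ff, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length field counts 32-bit words
    return {
        "version": ver_ihl >> 4, "header_len": ihl, "tos": tos, "total_len": total_len,
        "id": ident, "dont_fragment": bool(ff & 0x4000), "more_fragments": bool(ff & 0x2000),
        "frag_offset": ff & 0x1FFF, "ttl": ttl, "protocol": proto,
        "checksum_ok": ones_complement_sum(pkt[:ihl]) == 0,   # an intact header sums to zero
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    sport, dport, seq, ack, orf, window, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    offset = (orf >> 12) * 4                 # data offset counts 32-bit words
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "data_offset": offset,
        "reserved": (orf >> 6) & 0x3F,
        "flags": [name for i, name in enumerate(TCP_FLAGS) if orf & (1 << i)],
        "window": window, "checksum": csum, "urgent_ptr": urg, "options": seg[20:offset],
    }


def classify_flags(flags) -> str:
    """Detection-side label for the flag patterns the port-scanning notes mention."""
    f = set(flags)
    if f == {"SYN"}:
        return "syn-only: first step of a 3-way handshake, or a half-open (SYN scan) probe"
    if {"FIN", "PSH", "URG"} <= f and not ({"SYN", "ACK"} & f):
        return "xmas: FIN+PSH+URG together, a combination a normal TCP stack never sends"
    return "ordinary"


def demo():
    src, dst = "192.168.1.10", "10.0.0.5"   # constructed addresses
    tcp = build_tcp_header(src, dst, 40000, 443, 1000, 0, ["SYN"])
    pkt = build_ipv4_header(src, dst, len(tcp)) + tcp
    ip = parse_ipv4(pkt)
    seg = parse_tcp(ip["payload"])
    return ip, seg, classify_flags(seg["flags"])


if __name__ == "__main__":
    ip, seg, label = demo()
    print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], "checksum_ok", ip["checksum_ok"])
    print(seg["src_port"], "->", seg["dst_port"], seg["flags"], label)
```

The checksum check is the part worth keeping in mind for forensics: a header whose words sum to anything but zero was altered or truncated after it was sent, and the flag classifier is the kind of rule an IDS applies to every segment rather than anything a host needs to send.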
Malicious Software - software that harms or misuses the system (deleting files, monitoring, slowing down)
1) Privilege Escalation - hacker elevates his privileges
Types: Vertical (raise to admin access); Horizontal (same level of access, but a different resource); privilege de-escalation (admin to lower)
2) Viruses - infect the device, destroy the system, prevent booting, slow the system.
Types:
Executable Virus - exe files
Boot Sector Virus - prevents booting; attacks the boot sector code
Macro Virus - code using a macro language like VB; deleting files or emailing everyone; triggered when the file is opened
Logic Bomb - virus planted on the system; triggered on a specific date
Worm Virus - able to replicate itself:
A) Network Protocol - ex. SQL Slammer
B) Email - ex. I Love You virus
C) Flash Drives - ex. Conficker
Trojan Virus - user is tricked into installing it; modifies the system by opening a TCP/IP port on the system
Troubleshooting a Trojan:
netstat -na
listening - port is open and waiting for someone to connect
netstat -na -o >> with the Process ID (PID)
find the PID
tasklist | find "PID"
taskkill /PID 208 /F >> kill the EXE
regedit > CurrentVersion > Run >> delete autostart programs
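The troubleshooting steps above (netstat -na -o, tasklist, taskkill) in script form, as an added example that is not part of the notes: it parses constructed netstat and tasklist output in the Windows format, joins each LISTENING port to its owning process, and flags any listener that is not in a per-host baseline so an analyst knows which PID to look at before deciding on taskkill. The sample lines, PIDs, image names and the baseline set are all made up.

```python
import re

# Added example, not from the notes: triage `netstat -na -o` and `tasklist` output the way
# the troubleshooting steps describe. NETSTAT_SAMPLE, TASKLIST_SAMPLE and EXPECTED_LISTENERS
# are constructed for illustration; on a real host you would feed in the captured output.

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       208
  TCP    192.168.1.10:49720     52.97.1.2:443          ESTABLISHED     3312
  UDP    0.0.0.0:5353           *:*                                    1840
"""

TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0         24 K
svchost.exe                    912 Services                   0      9,512 K
updater.exe                    208 Console                    1      3,204 K
chrome.exe                    3312 Console                    1    210,448 K
mdnsresp.exe                  1840 Services                   0      2,100 K
"""

# (proto, port) pairs this host is expected to listen on; anything else gets flagged
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 5353)}


def parse_netstat(text: str) -> list:
    """One dict per TCP/UDP row; UDP rows have no State column, so PID is read from the end."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""
        rows.append({"proto": proto, "local": local, "foreign": foreign, "state": state,
                     "port": int(local.rsplit(":", 1)[1]), "pid": int(parts[-1])})
    return rows


def parse_tasklist(text: str) -> dict:
    """Map PID -> image name; the image name may contain spaces, so match from the right."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?\S)\s+(\d+)\s+\S+\s+\d+\s+", line)
        if m:
            procs[int(m.group(2))] = m.group(1)
    return procs


def listening_ports(netstat_text: str, tasklist_text: str) -> list:
    """Listening sockets joined with their process, each marked expected or not."""
    procs = parse_tasklist(tasklist_text)
    report = []
    for row in parse_netstat(netstat_text):
        if row["proto"] == "TCP" and row["state"] != "LISTENING":
            continue                      # established/time-wait sockets are not the question here
        report.append({
            "proto": row["proto"], "port": row["port"], "pid": row["pid"],
            "image": procs.get(row["pid"], "<unknown>"),
            "unexpected": (row["proto"], row["port"]) not in EXPECTED_LISTENERS,
        })
    return report


if __name__ == "__main__":
    for entry in listening_ports(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        flag = "  <-- not in baseline, investigate this PID first" if entry["unexpected"] else ""
        print("%-4s %6d pid=%-5d %s%s" % (entry["proto"], entry["port"], entry["pid"], entry["image"], flag))
```

The point of the baseline set is that "listening" alone is not evidence: 135 and 445 are normal on a Windows host, so what the analyst wants from the join is the one listener and process that nothing on the host accounts for.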
Other Malicious Software (Malware)
1) Spyware - hidden software that collects information about you; makes changes to the system; web redirection; slows the network connection
2) Adware - automatically loads ads on the screen; pop-up windows.
3) Spam - unsolicited emails
protect against it by: implementing filters on the email server and not posting email addresses on the internet
4) Rootkits - give the hacker privileged access to the system (Types: Application Level (trojan.exe); Library Level (library of code, DLL); Kernel Level (replaces device driver files on the system); Virtualized (loads another OS); Firmware (not present in the OS))
5) Botnets - collection of systems that have been compromised by a hacker; zombie systems
6) Keylogger - can be hardware or software; captures keystrokes
7) Backdoor - so that hackers can get access to the system at a later time
8) Ransomware - virus takes over your system; asks for a credit card number
9) Polymorphic Malware - alters itself; mutates to avoid detection
10) Armored Virus - protects itself from being analyzed; difficult to decompile and v
pornography etc.
3) VPN Concentrator ncription
4) URL Filters - list
5) Content Inspection
6) Malware inspection
Wireless Modes:
1) Ad Hoc Connection - peer-to-peer environment; laptop to another wireless device
2) Infrastructure Mode - with a wireless access point (connected).
Standards:
802.11a - 5 GHz, 54 Mbps, 150 ft
802.11b - 2.4 GHz, 11 Mbps, Wi-Fi standard, 300 ft
802.11g - 2.4 GHz, 54 Mbps, Wi-Fi standard, 300 ft
802.11n - 2.4 or 5 GHz, 150 Mbps (600 Mbps), 300 ft
Features of 802.11n
1) MIMO - use of multiple antennas to achieve more throughput
2) Channel Bonding - transmits data over two channels
Channel - each frequency in the range (13 channels)
Authentication and Encryption
1) WEP - Wired Equivalent Privacy. Input a wireless key/shared key/passphrase. 64/128 bit encryption keys made up of a 24 bit INITIALIZATION VECTOR and a 40/104 bit key. Already cracked.
2) WPA - Wi-Fi Protected Access. 128 bit key and "TKIP" (Temporal Key Integrity Protocol), used to change the encryption key for every packet sent.
Improved Integrity Checking: EAP, Extensible Authentication Protocol, a very secure authentication protocol; supports Kerberos, Tokens, Certificates, Smartcards.
Variations of EAP: LEAP (Lightweight, Cisco proprietary); PEAP (Protected)
WPA Modes:
1) WPA Personal - WPA PSK (Preshared Key). Used by homes and small businesses.
2) WPA Enterprise - WPA 802.1x. Uses a central authentication server such as RADIUS
3) WPA2 - uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) with the Advanced Encryption Standard (AES) for encrypting wireless traffic.
Supports 128/192/256 bit encryption.
Security Best Practices
1) Change the Admin Password
2) Service Set Identifier (SSID) - don't advertise your SSID; broadcasting disabled
Kismet - Linux; can detect hidden SSIDs
3) MAC Address Filtering
4) Antenna Placement and Power Levels - routers must be placed in the center of the building and not close to the outer walls
5) Captive Portal - requires authentication via a web page
6) Encrypt Wireless Traffic - use WEP, WPA, WPA2
7) VPN Solutions - for high-security environments
Vulnerabilities:
1) Data Emanation - collecting emissions from electrical components and piecing them together into readable data
2) Jamming/Interference - such as from cordless phones
3) Packet Sniffing - ensure all wireless communication is encrypted
4) War Driving - driving around with a laptop to locate wireless networks that they can connect to.
5) War Chalking - drawing symbols on a building or sidewalk
6) WPS Attack - WiFi Protected Setup allows a user to enter a PIN to connect to a wireless network; a brute force attack can be performed on the WPS PIN
7) Replay Attack - hacker can capture traffic with a sniffer and resend/replay the traffic.
8) Bluejacking - sending unsolicited messages using BT
9) Bluesnarfing - exploiting a Bluetooth-enabled device by copying data from it.
10) Rogue Access Points - wireless router connected to the network
11) Evil Twins - make a laptop appear to be a valid access point; to protect: use a VPN
Infrared - up to 4 Mbps.
Bluetooth - up to 10 meters away. 1 Mbps (transfer rate). f=2.6GHz range
=================================================================================
Chapter 10: Authentication
Authentication - process of verifying the identity of an individual
Mutual Authentication - authentication scheme that involves both sides of the communication
Authentication Factors:
1) Something you know - Password or PIN
2) Something you have - Swipe Card/Token
3) Something you are - biometrics, fingerprint, eye scanner
4) Somewhere you are - GPS location, IP subnet information
5) Something you do - newer authentication factor; based on the habits of the user
Single Factor Authentication - ex. User/Pass (know); retina scan or fingerprint only
Two-Factor Authentication Scheme - ex. PIN + Card; smartcards; fingerprint + PIN
Three-Factor Authentication - ex. biometrics + card + PIN
Single Sign-on (SSO) - allows a user to authenticate once and access multiple systems without providing additional credentials.
Access Tokens - logical tokens; contain all information required for resource validation, or for the user to perform an operating system task.
Authentication Protocols:
1) Windows Authentication Protocols
Anonymous Authentication - no logon required. ex. websites/FTP servers
2) Basic Authentication - logon; user/pass sent to the server in clear text (not encrypted)
3) Integrated Windows Authentication - user/pass sent to the server in an encrypted format.
4) Kerberos - used by Active Directory environments. Uses a KEY DISTRIBUTION CENTER (KDC) SERVER for the issuance of tickets (needed to access services on the network).
--- non-Microsoft ---
Remote Access Service (RAS) - using Point-to-Point connections (Point-to-Point Protocol, PPP); used in telephony applications
VPN - connects to a remote server using a secure channel over the internet.
Authentication Protocols used by RAS/VPN:
5) Password Authentication Protocol (PAP) - same as with basic authentication
6) Challenge Handshake Authentication Protocol (CHAP) - server sends a challenge to the client that is used in the authentication process. Uses the MD5 hashing algorithm.
7) Microsoft-CHAP (MS-CHAP) - uses the MD4 hashing algorithm; uses Microsoft Point-to-Point Encryption (MPPE) to encrypt traffic from client to server.
8) MS-CHAPv2 - extended to authenticate both client and server; uses stronger encryption keys
9) Extensible Authentication Protocol (EAP) - allows multiple logon methods such
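The CHAP exchange from item 6 above with both sides in code, as an added example that is not part of the notes: the authenticator sends a fresh random challenge, the peer answers with the MD5 response defined in RFC 1994, and the authenticator recomputes and compares. The user names and secrets are constructed; the in-memory secret table and the one-shot challenge bookkeeping are this example's own design.

```python
import hashlib
import hmac
import secrets

# Added example, not from the notes: the CHAP exchange (RFC 1994, MD5 variant) with both
# sides in code. The shared secret never goes over the link: the authenticator sends a
# fresh random challenge, the peer answers with MD5(identifier || secret || challenge),
# and the authenticator recomputes and compares. User names and secrets are constructed.


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side (RAS/VPN server): knows each user's secret, issues and checks challenges."""

    def __init__(self, secrets_db):
        self.secrets_db = secrets_db     # username -> shared secret (constructed table)
        self.pending = {}                # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident = self.next_id & 0xFF      # the Identifier is one byte on the wire
        self.next_id += 1
        chal = secrets.token_bytes(16)   # new random challenge every time
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        chal = self.pending.pop(ident, None)   # a challenge can be answered exactly once
        secret = self.secrets_db.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: holds its own secret and answers challenges."""

    def __init__(self, username: str, secret: bytes):
        self.username, self.secret = username, secret

    def respond(self, ident: int, challenge: bytes):
        return self.username, chap_response(ident, self.secret, challenge)


def run_exchange(server: Authenticator, peer: Peer) -> bool:
    """One full round trip: Challenge -> Response -> Success/Failure."""
    ident, chal = server.challenge()
    username, resp = peer.respond(ident, chal)
    return server.verify(ident, username, resp)


if __name__ == "__main__":
    server = Authenticator({"alice": b"correct horse battery"})   # constructed secret
    print("good secret:", run_exchange(server, Peer("alice", b"correct horse battery")))
    print("wrong secret:", run_exchange(server, Peer("alice", b"guess")))
```

Two things the code makes visible that the one-line note does not: only the challenge and the digest cross the link, and because the challenge is random and consumed on use, a captured response is useless for a second logon, which is the property PAP lacks.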
================================================================================
Keys= P(P-1)/2
Algorithms:
1) DES - Data Encryption Standard, 56bit
2) Blowfish - 1 to 448 bit encryption
3) Twofish - 128 bit encryption
4) Triple DES -168 bit encryption, BLOCK Cipher
5) Rivest Cipher (RC4/RC5) - used in SSL and WEP
6) AES - Advanced Encryption Standard, BLOCK Cipher; 128/192/256 bit encryption;
used by WPA2
7) AES256 - 256 bit encryption
Asymmetric Encryption - 2 related keys perform encryption and decryption. Points to remember:
(1) one key does, the other key undoes
(2) the two keys are related, but you cannot derive one key from the other
* a message is always encrypted with the recipient's public key
* to ensure nonrepudiation, the message is signed with the sender's private key
Advantage: the public key can be communicated securely to other parties; key management (need only one key pair)
Disadvantage: slower
Algorithms:
1) RSA - Rivest Shamir Adleman; first
2) Diffie-Hellman
3) Elliptic Curve - based on Diffie-Hellman and the Digital Signature Algorithm
Quantum Cryptography - with fiber-optic networks, sending encrypted information as photons, then converted to binary data.
In-Band Key Exchange - the encryption key is exchanged between the parties
Out-of-Band Key Exchange - keys are exchanged on a separate communication channel
Hashing Concepts
One-way Hash Values - impossible to reverse the operation and recover the data from the hash value.
Hash Value - aka message digest; same size regardless of how long the message is
Collision - two different pieces of data produce the SAME HASH VALUE
Hashing Algorithms:
1) **Message Digest - MD5 (128 bit hash value)
2) **Secure Hash Algorithm - SHA-1 (160 bit hash value)
3) SHA-256/SHA-512
4) LANMAN - insecure method of storing the password hashes
5) NT LAN Manager (NTLM) - Windows NT; stores passwords in the registry; uses MD4
NTLMv2 uses HMAC-MD5
6) RACE Integrity Primitives Evaluation Message Digest (RIPEMD), 128/160/256/320 bit
7) Hash-based Message Authentication Code (HMAC) - uses a secret key combined with a hashing algorithm.
Message Authentication Code - the resulting hash value.
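The hashing concepts above in code, as an added example that is not part of the notes: the digest size stays fixed whatever the input length (MD5 128 bit, SHA-1 160 bit, SHA-256 256 bit, SHA-512 512 bit), a plain hash can be recomputed by anyone who alters a message, and an HMAC built from a secret key and a hash is what actually proves the message came from a key holder. The messages and the key are constructed sample values.

```python
import hashlib
import hmac

# Added example, not from the notes: the hashing ideas above in code. A digest has a fixed
# size however long the input is; a plain hash can be recomputed by anyone, so on its own it
# does not prove who produced a message; an HMAC folds in a secret key, so only a holder of
# the key can create or check the tag. Messages and the key below are constructed.

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bits(message: bytes) -> dict:
    """Hash one message with each algorithm and report the digest length in bits."""
    return {name: len(hashlib.new(name, message).digest()) * 8 for name in ALGORITHMS}


def plain_hash(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a message authentication code = hash combined with a secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest takes the same time whichever byte differs first
    return hmac.compare_digest(make_tag(key, message), tag)


def integrity_demo(key: bytes) -> dict:
    """Compare a plain hash with an HMAC when a message is altered in transit."""
    original = b"transfer 100 to account 42"     # constructed message
    altered = b"transfer 900 to account 42"      # what an intermediary substitutes
    sent_hash, sent_tag = plain_hash(original), make_tag(key, original)
    # Without the key the intermediary can still recompute the plain hash for the new text...
    forged_hash = plain_hash(altered)
    # ...but cannot produce a matching HMAC tag, and the old tag no longer verifies.
    return {
        "plain_hash_receiver_fooled": plain_hash(altered) == forged_hash,
        "hmac_accepts_original": verify_tag(key, original, sent_tag),
        "hmac_accepts_altered": verify_tag(key, altered, sent_tag),
        "hmac_accepts_other_key": verify_tag(b"not the key", original, sent_tag),
        "original_hash_matches_altered": sent_hash == forged_hash,   # two inputs, two digests
    }


if __name__ == "__main__":
    print(digest_bits(b"short"))
    print(digest_bits(b"x" * 100_000))          # same sizes for a far longer input
    print(integrity_demo(b"constructed-shared-key"))
```

This is also why the notes pair NTLMv2 with HMAC-MD5 rather than a bare hash: the keyed construction is what stops a response from being forged by someone who only saw the challenge.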
Encryption - encrypting data and communication
for Data:
1) Full Disk - Win7 or 8, BitLocker; encrypts the contents of the entire hard drive
2) Database - encrypt credit card numbers, customers' passwords etc.
3) Individual Files - use Encrypting File System (EFS) in Windows
4) Removable Media - encrypt flash drives
5) Mobile Device
Trusted Platform Module (TPM) - computer chip; stores cryptographic keys used to encrypt data; has a dictionary-attack prevention module built in.
for Communication:
1) HTTPS - uses SSL to encrypt communication to the web server
2) **Secure Socket Layer / Transport Layer Security - encrypting traffic for web and email; TLS is replacing SSL
3) Secure MIME (S/MIME) - encrypts email messages
4) Internet Protocol Security (IPSec) - encrypts ALL IP traffic.
Transport Mode - only the payload (data) is encrypted
Tunnel Mode - the header and the data are encrypted
5) Secure Shell (SSH)
6) Secure FTP (SFTP or FTPS)
7) Secure Copy Protocol (SCP) - used for transferring files
8) Wireless - use WEP, WPA or WPA2
Other Terms:
1) Ephemeral Key - temporary key used to encrypt a single message
2) Perfect Forward Secrecy - a system that generates random ephemeral keys for each session.
3) Key Stretching - aka key strengthening; used to convert a weak password into a strong one using 2 algorithms: PBKDF2 and Bcrypt
4) Cipher Suite - group of security algorithms used to provide authentication, encryption and message authentication functionality
5) Pretty Good Privacy (PGP) - used to encrypt information using asymmetric encryption; generate keys and share your public key using e-mail.
6) Steganography - hiding text files inside graphic files.
Stegdetect - software used to detect steganography
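Key stretching (item 3 under Other Terms) with PBKDF2, as an added example that is not part of the notes: a weak password and a random salt go through many HMAC-SHA256 iterations to produce a 256-bit key, and what a password store keeps is the salt, the iteration count and the derived key, never the password. The record format, iteration count and the sample password are this example's own choices.

```python
import hashlib
import hmac
import secrets

# Added example, not from the notes: key stretching with PBKDF2-HMAC-SHA256 from Python's
# standard library. A weak password and a random salt are fed through many HMAC iterations
# to produce a 256-bit key; what gets stored is salt, iteration count and derived key, never
# the password. The record format and iteration count are this example's own choices.

ITERATIONS = 200_000     # work factor; raise it over time as hardware gets faster
KEY_LEN = 32             # 256-bit derived key


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a fixed-length key from a password; the same inputs always give the same key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN)


def make_record(password: str) -> str:
    """What a password store keeps: algorithm$iterations$salt$key (salt and key in hex)."""
    salt = secrets.token_bytes(16)         # unique per user, so equal passwords still differ
    key = stretch(password, salt)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), key.hex())


def check_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    algo, iterations, salt_hex, key_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def salt_makes_records_differ(password: str) -> bool:
    """Two users with the same weak password get different stored keys."""
    return make_record(password) != make_record(password)


if __name__ == "__main__":
    rec = make_record("password123")        # constructed weak password
    print(rec)
    print("correct:", check_password("password123", rec))
    print("wrong:  ", check_password("Password123", rec))
```

The iteration count is the whole point of stretching: each guess an attacker makes against a stolen record costs the same 200,000 HMAC computations the legitimate check does, and the per-user salt means precomputed tables built for one record are useless against another.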
======================================================
Chapter 13: Public Key Infrastructure p.534
Terminologies:
1) Certificates - electronic file storing a public key; contains the public key, algorithm, serial number, subject, issuer, validity, thumbprint (hash value); the CA issues the certificate
2) Certificate Authorities
PUBLIC CA - in the business of selling certificates to businesses, like VeriSign, GoDaddy, Entrust
PRIVATE CA - when a company decides to create its own PKI.
Root CA - self-signed certificate; digitally signs any certificates; usually turned off
=============================================
Chapter 14: Physical Security
Physical Access Control
1) Perimeter Fencing - recommended fence height 8ft plus barbed wire at a 45 degree angle.
2) Guards
3) Locks
Cipher Locks - Electronic Combination Locks
4) Access System
A) Fail Safe - Fail Open; when the lock fails, it is unlocked
B) Fail Secure - Fail Close; when the lock fails, it stays locked
5) Proximity Readers
A) User Activated - need to swipe the card to gain access
B) System Sensing - sends out interrogating signals
6) Mantraps - area between two doors; the 2nd door does not open until Door 1 is closed.
HVAC - Heating, Ventilation and Air Conditioning
- reduces heat (temperature), humidity, and outdoor air
Activities involved:
1) Environmental Monitoring - monitoring mechanism; detects issues related to heat, humidity, and air quality
2) Hot and Cold Aisles - fronts of the racks facing each other to create cold aisles
3) Temperature and Humidity Control
Emanations - electrical signal emissions from computer components
Tempest System - a shielded environment; standard for securing a system from eavesdropping
Faraday Cage - enclosure designed to shield its contents; blocks electronic fields or signals; shields a component from sending or receiving a signal.
Fire Suppression
Classes of Fire:
Class A - common combustible fires like paper, cloth etc.
Class B - liquid fires like gas, oil, tars, solvents
Class C - burning of electrical components; use HALON gas or CO2
Class D - combustible metals like magnesium and sodium; suppress using dry chemicals
Sprinkler System
1) Wet Pipe - water is in the pipe all the time; pipe could freeze
2) Dry Pipe - water (reservoir); short delay; for colder climates
3) Preaction System - head link has to be melted for the water to be released
=========================================================================
Chapter 15: Risk Analysis
- reduce and manage the risk of your organization
Purpose:
- identify the assets within the company and their value
- identify threats against those assets
- take countermeasures against those threats / mitigating the threat
- the countermeasure must not cost more than the value of the asset
evice Failure
DETERMINE MITIGATION TECHNIQUE - for each threat. ex. backup, redundant power and WAN links etc.
3) Develop the Plan. Disaster Recovery Plan.
4) Test the Plan.
Types of Testing:
1) Checklist review - distributed to the representative of each department.
2) Tabletop exercise/Structured Walkthrough - BCP reviewed by the BCP team; review procedures
3) Simulation Test - put to the test by simulating a scenario
4) Parallel Test - ensuring the ALTERNATIVE SITE is functioning
5) Full Disruption Test - shutting down the original location and operating solely from the alternative site.
5) Maintain the Plan.
DISASTER RECOVERY PLAN (DRP) - steps to recover from different scenarios.
HOT SPARES - connected and powered on in case the primary device should fail; ready to work.
COLD SPARES - device must be connected and powered up before it can take over.
HOT SITE - complete alternative location; data should be continuously replicated.
COLD SITE - office space is the ONLY thing available.
WARM SITE - middle ground between a Hot and a Cold Site.
EXCLUSIVE SITE - site is dedicated to your company / you pay the full fee.
TIME-SHARED SITE - split the cost of an alternative site with another business; ensure the site can handle both businesses at the same time.
Other Terms:
SUCCESSION PLANNING - ensuring you have employees who can fill key leadership roles in case you lose key personnel.
IT CONTINGENCY PLANNING.