Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment 2016 - Semester 1.


1 Department of Computer Science Introduction to Information Security Chapter 7 Activity Security Assessment 2016 - Semester 1

2 Lecture Outline
- Introduction
- Penetration Test Project
- Testers vs Hackers
- Ethical hacking of a computing environment
- Ethics in ethical hacking
- The ASA project phases

3 Introduction
- Various types of testing activities
- Vulnerability and penetration testing
- Ethical hacking of a computing environment
- Strategies of action for security assessment
- Active security assessment project

4 Introduction (cont.)
- Penetration tests consist of active testing activities in which the work of hackers is simulated.
- A penetration test is an active security assessment performed according to a well-defined scope and a well-defined security policy.
- It has to discover access information.
- Identify system vulnerabilities and exploit them.
- Generate security recommendations and act upon them.

5 Penetration Test Project
- Identify vulnerabilities
- Prioritize them
- Study how to eliminate any condition that can cause damage
- Generate recommendations
- Penetration testing employs some of the tools, tricks and techniques that hackers use, but with prior authorization.
- Usually the objective of an ASA is not to eliminate the occurrence of attacks, but to reduce their effects and their probability of success when they do take place.

6 Testers vs Hackers
Testers
- Have a security objective to respect
- Limited by the scope of the penetration testing activities
- Limited in the techniques and tools they may use
- Have security policies to comply with
- Attempt to record every step taken, to study effects and possible remedies
Hackers
- Have a destructive objective to expand as much as possible
- Not limited to any tools or techniques
- Not bothered by any restrictions
- Attempt to hide the traces of all steps taken, to make it difficult for forensic analysts to identify or catch them

7 Ethical hacking of a CE
- Attacks on people
  - Social engineering
- Attacks on infrastructure
  - Physical infrastructure
  - Equipment and company facilities such as servers, PCs, routers, switches, etc.
  - Network infrastructure
  - Testing remote connections
- Attacks on technology
  - Operating systems
  - Applications, software and hardware
  - Patches can reduce system vulnerabilities

8 Ethical hacking of a CE
- Attacks on data
  - DoS
  - Backup needed
- Attacks on activities
  - Telecommunication and computing protocols
  - The use of protocols such as ARP, ICMP, TCP, IP, SNMP, etc.
  - All tasks, procedures, policies and regulations can be corrupted.

9 Ethics in ethical hacking
- Four important rules that need to be included in any code of ethics for ASA:
  1) Stick to the security objective and scope
  2) Respect privacy
  3) Avoid any disruptive effects
  4) Report any violation of the code of ethics

10 Ethics in ethical hacking
- The ASA project scope should define the following:
  1) Target system and its components
  2) Timing of the project
  3) Risks to be accepted throughout the ASA project
  4) Strategy of the project in terms of visibility, place and direction
  5) Delivery requirements
  6) Response activities and testing limitations
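The two ethics slides above say that testers stick to the agreed objective and scope, and the Testers vs Hackers slide says that testers record every step they take. The following is an added example, not part of the lecture slides, of what that looks like when written down as code: a scope object whose fields mirror the six items the slide says the project scope must define, and a check that is run before any test action and logs its decision either way. The network range, dates, technique names, risk labels and contact address are constructed sample values.

```python
"""Checking a proposed test action against the agreed ASA scope.

Added example, not from the lecture slides. Field names and the sample
values in example_scope() are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime
import ipaddress


@dataclass
class AsaScope:
    target_networks: list        # 1) target system and its components (CIDR strings)
    window_start: datetime       # 2) timing of the project
    window_end: datetime
    accepted_risks: set          # 3) risks the client accepted, e.g. a service restart
    allowed_techniques: set      # 4)/6) strategy and testing limitations
    deliverable: str             # 5) delivery requirement
    escalation_contact: str      # 6) response activities: whom to notify on a finding
    audit_log: list = field(default_factory=list)

    def check(self, host, technique, when, risk=None):
        """Decide whether an action is in scope and record the decision.

        Testers record every step taken, so the decision is logged whether or
        not it was allowed; the log is what the final report is built from.
        `when` may be a datetime or an ISO 8601 string.
        """
        if isinstance(when, str):
            when = datetime.fromisoformat(when)
        reasons = []
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            reasons.append(f"{host!r} is not an IP address")
        else:
            if not any(ip in ipaddress.ip_network(n) for n in self.target_networks):
                reasons.append(f"{host} is not in the target networks")
        if not (self.window_start <= when <= self.window_end):
            reasons.append("outside the agreed time window")
        if technique not in self.allowed_techniques:
            reasons.append(f"technique {technique!r} is not permitted")
        if risk is not None and risk not in self.accepted_risks:
            reasons.append(f"risk {risk!r} was not accepted by the client")
        allowed = not reasons
        reason = "; ".join(reasons) if reasons else "in scope"
        self.audit_log.append({
            "when": when.isoformat(),
            "host": host,
            "technique": technique,
            "risk": risk,
            "allowed": allowed,
            "reason": reason,
        })
        return allowed, reason


def example_scope():
    """Constructed scope for a one-week engagement on 192.0.2.0/24 (sample values)."""
    return AsaScope(
        target_networks=["192.0.2.0/24"],
        window_start=datetime(2016, 3, 7, 9, 0),
        window_end=datetime(2016, 3, 11, 17, 0),
        accepted_risks={"service_restart"},
        allowed_techniques={"dns_lookup", "port_scan", "version_check"},
        deliverable="written report with prioritised recommendations",
        escalation_contact="security-lead@example.com",
    )


if __name__ == "__main__":
    scope = example_scope()
    print(scope.check("192.0.2.10", "port_scan", "2016-03-08T10:00:00"))
    print(scope.check("198.51.100.5", "port_scan", "2016-03-08T10:00:00"))
    print(scope.check("192.0.2.10", "fuzzing", "2016-03-12T10:00:00", risk="data_loss"))
    for entry in scope.audit_log:
        print(entry)
```

The check refuses an action for any one of the scope rules it breaks and reports all of them, so a tester sees at once whether the problem is the host, the timing, the technique or an unaccepted risk; the refused attempts stay in the audit log as well, which is the behaviour the Testers vs Hackers slide contrasts with a hacker hiding their traces.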

11 The ASA Project Phases

12 Reconnaissance effort
- Collecting information on target companies / businesses and their systems, mostly on the internet.
  - Web search – Google
  - Web crawling – download
  - Web navigation
- Might be interested in finding out about source code, IT staff names and e-mails, the type and version of software, developers' names and e-mails, server names, etc.

13 Reconnaissance effort
- Examples of tools that may be used in the reconnaissance phase:
  - DNS lookup
  - Finger
  - Name lookup
  - Ping
  - Port scan
  - Throughput
  - Trace route
  - Whois
  - Etc.
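Seen from the defending side, the reconnaissance tools listed above leave a characteristic trace: a port scan shows up in firewall logs as one source touching many distinct destination ports in a short time. The following is an added example, not part of the lecture slides, of the detection logic a security team would run over such logs; the log format, addresses, timestamps and threshold are constructed for the example and are not from any real firewall product.

```python
"""Flagging port-scan style reconnaissance in firewall deny logs.

Added example, not from the lecture slides. The log line format and all
addresses and timestamps below are constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<iso-timestamp> src=<ip> dst=<ip> dport=<port> action=<verb>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "action": m["action"],
    }


def detect_port_sweeps(lines, threshold=8, window=timedelta(seconds=60)):
    """Map each source address to the largest number of distinct (dst, port)
    pairs it touched inside any `window`, keeping only sources at or above
    `threshold`. Distinct pairs are counted, so repeated hits on one port
    (a normal retry) do not inflate the score."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped rather than crashing the detector
        events[rec["src"]].append((rec["ts"], rec["dst"], rec["dport"]))

    findings = {}
    for src, evs in events.items():
        evs.sort()  # by timestamp
        best = 0
        for i, (t0, _, _) in enumerate(evs):
            in_window = {(d, p) for t, d, p in evs[i:] if t - t0 <= window}
            best = max(best, len(in_window))
        if best >= threshold:
            findings[src] = best
    return findings


# Constructed sample: one source sweeps 12 ports in 22 seconds (plus one repeat),
# an administrator touches three services over ten minutes, one line is malformed.
SAMPLE_LOG = [
    "2016-03-08T10:00:00 src=203.0.113.5 dst=192.0.2.10 dport=21 action=deny",
    "2016-03-08T10:00:02 src=203.0.113.5 dst=192.0.2.10 dport=22 action=deny",
    "2016-03-08T10:00:04 src=203.0.113.5 dst=192.0.2.10 dport=23 action=deny",
    "2016-03-08T10:00:06 src=203.0.113.5 dst=192.0.2.10 dport=25 action=deny",
    "2016-03-08T10:00:08 src=203.0.113.5 dst=192.0.2.10 dport=53 action=deny",
    "2016-03-08T10:00:10 src=203.0.113.5 dst=192.0.2.10 dport=80 action=deny",
    "2016-03-08T10:00:12 src=203.0.113.5 dst=192.0.2.10 dport=110 action=deny",
    "2016-03-08T10:00:14 src=203.0.113.5 dst=192.0.2.10 dport=143 action=deny",
    "2016-03-08T10:00:16 src=203.0.113.5 dst=192.0.2.10 dport=443 action=deny",
    "2016-03-08T10:00:18 src=203.0.113.5 dst=192.0.2.10 dport=445 action=deny",
    "2016-03-08T10:00:20 src=203.0.113.5 dst=192.0.2.10 dport=3389 action=deny",
    "2016-03-08T10:00:22 src=203.0.113.5 dst=192.0.2.10 dport=8080 action=deny",
    "2016-03-08T10:00:24 src=203.0.113.5 dst=192.0.2.10 dport=22 action=deny",
    "2016-03-08T10:00:05 src=198.51.100.7 dst=192.0.2.10 dport=22 action=allow",
    "2016-03-08T10:04:00 src=198.51.100.7 dst=192.0.2.10 dport=443 action=allow",
    "2016-03-08T10:09:30 src=198.51.100.7 dst=192.0.2.10 dport=80 action=allow",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    print(detect_port_sweeps(SAMPLE_LOG))
```

During an authorised ASA the same detector tells the defending team whether their monitoring actually notices the reconnaissance phase, which is one of the effects the scope's "response activities" item is meant to cover; the threshold and window are tuning knobs, and lowering them trades missed slow scans for more false positives on busy administrators.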

14 Homework

End

