Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.

Published byRosa Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise."— Presentation transcript:

1 Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise

2 Network topology The arrangement or mapping of the elements(links, nodes, etc.) of a networklinksnodesnetwork Physical and logical topology

3 Layer 3 details IP addresses Subnetting – Subnet mask Gateways and route information Getting adjacency info Relaxed security enforcement between machines on the same subnet

4 Virtual LAN “…. a group of hosts with a common set of requirements that communicate as if they were attached to the Broadcast domain, regardless of their physical location.”Broadcast domain Software for network reconfiguration Traffic segmentation and easy relocations

5 Layer 4 - Transport Ports and Services Common services listen to well-known ports – IANA – Easy to organize using well-known ports Target for attackers Vulnerable services Port scanning

6 nmap utility Free, open source utility for network exploration Uses IP packets to determine what hosts are available and up on a network – Port information; Services offered – Versioning information – Used by sysadmins for

7 Packet Analyzers Network protocol analyzer Interactively browse packet data from a live network tcpdump, netstat GUIs exist

8 Weak protocols telnet, ftp http vs https – Relevance of digital certificates Software vulnerabilities OS systems and versions SSL toolkit compromises

9 su and sudo commands switch user command – su with no arguments defaults to root sudo allows execution of commands as root – sudo bash ??? /etc/sudoers files

10 Firewalls iptables program – Packet filtering Control traffic flow from and to the system – Rule chains – Targets – Session states /etc/sysconfig/iptables – sudo iptables -L

11 Buffer overflow attacks Buffer overrun: process attempts to store data beyond the allowed memory boundaries Segmentation fault, process termination or even modify the return address Eggs

12 SQL Injection $name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; // our MySQL query builder really should check for injection $query_evil = "SELECT * FROM customers WHERE username = '$name_evil'"; // the new evil injection query would include a DELETE statement echo "Injection: ". $query_evil; SELECT * FROM customers WHERE username = ' '; DELETE FROM customers WHERE 1 or username = ' '

13 Homework Exercises 1 – Due March 6, 2009 Get an account on the CS Linux servers and run nmap to gain an understanding on the network, the services available for access, their versioning information. Explain how you can write to /etc/passwd file using passwd command though you do not have rights (as the regular user) to modify the contents of the file.

14 Homework Exercise 2 – Due March 13, 2006, 5pm Create a firewall rule (iptables) to allow Remote desktop connections to the server optimus.cs.uh.edu only if the connection is from on-campus. Explain if the http support in gmail still maintains the privacy of email communication between the browser and gmail server.

15 Homework Exercise 3 – Due March 23, 2009 at 1pm Even if two users have identical passwords, the hashes of their passwords in the /etc/passwd file or /etc/shadow file are different. How is this done and why is it done? Explain in not more than a page.

Download ppt "Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise."

Similar presentations

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
Vulnerability Analysis Borrowed from the CLICS group.

Vulnerability Analysis Borrowed from the CLICS group.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Firewall Vulnerabilities Presented by Vincent J. Ohm.

Firewall Vulnerabilities Presented by Vincent J. Ohm.
Common network diagnostic and configuration utilities A ‘toolkit’ for network users and managers when ‘troubleshooting’ is needed on your network.

Common network diagnostic and configuration utilities A ‘toolkit’ for network users and managers when ‘troubleshooting’ is needed on your network.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services.

Microsoft Server 2008 R2 Group Policies & Network Policy and Access Services.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)

IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Ana Chanaba Robert Huylo

Ana Chanaba Robert Huylo
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.

Similar presentations

Ads by Google