MODULE 1: Introduction to Cyber Security
Dr. Uma Narayanan, Assistant Professor, CSE, IST CVV

SYLLABUS
Module I. Introduction to Cyber Security
Introduction, Computer Security, Threats, Harm, Vulnerabilities, Controls, Authentication, Access Control and Cryptography.
Web attack: Browser Attacks, Web Attacks Targeting Users, Obtaining User or Website Data, Email Attacks.
Network Vulnerabilities: Overview of vulnerability scanning, Open Port / Service Identification, Banner / Version Check, Traffic Probe, Vulnerability Probe, Vulnerability Examples, OpenVAS, Metasploit.
Networks Vulnerability Scanning (Netcat, Socat), Network Sniffers and Injection tools.

INTRODUCTION TO CYBER SECURITY
Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes.

Importance of cyber security
Cyber security is crucial in today's digital age for the following reasons:
- Protection of sensitive data
- Mitigation of financial losses
- Preservation of business reputation
- Compliance with regulations
- Ensuring national security

Key aspects of cyber security:
- Protecting confidentiality: ensuring that sensitive information is not disclosed to unauthorized individuals, entities, or processes.
- Maintaining integrity: safeguarding the accuracy and completeness of information and processing methods.
- Ensuring availability: ensuring that authorized users have access to information and associated assets when required.

Core principles: the CIA triad
The CIA triad is a model designed to guide policies for information security within an organization. It stands for Confidentiality, Integrity, and Availability, the three core principles of cyber security.

a. Confidentiality
Definition: confidentiality is the protection of information from unauthorized access and disclosure.
Importance: it ensures that sensitive data is accessible only to those who are authorized to view it.
Methods to ensure confidentiality:
- Encryption: encrypting data ensures that even if it is intercepted, it cannot be read without the proper decryption key.
- Access controls: strict access controls ensure that only authorized individuals can reach certain data.
- Authentication mechanisms: strong authentication, such as multi-factor authentication (MFA), helps ensure that only authorized users can access sensitive information.

b. Integrity
Definition: integrity is the accuracy, consistency, and trustworthiness of data over its entire lifecycle.
Importance: it ensures that data is not altered or tampered with in an unauthorized manner, so it remains accurate and reliable.
Methods to ensure integrity:
- Hashing: a cryptographic hash of the data is stored or sent separately; recomputing the hash and comparing it with the stored value reveals any change. A plain hash only detects modification: if an attacker can replace the stored hash as well, a keyed hash (HMAC) or a signature is needed.
- Digital signatures: a digital signature verifies both the authenticity (who produced it) and the integrity of a message, software package, or document.
- Checksums: checksums (e.g., CRC32) verify that a file survived transmission intact by comparing the value calculated at the source with the one calculated at the destination. They catch accidental corruption but are trivially recomputed by an attacker, so they are not a security control on their own.

c. Availability
Definition: availability ensures that information and resources are accessible to authorized users when needed.
Importance: it guarantees that systems function correctly and that data is available when required by users or processes.
Methods to ensure availability:
- Redundancy: redundant systems, such as backup servers and data replication, keep services available even if one component fails.
- Disaster recovery plans: a disaster recovery plan lets an organization recover quickly from disruptions such as cyber attacks or natural disasters.
- DDoS mitigation: protection against Distributed Denial of Service (DDoS) attacks keeps services available by preventing network resources from being overwhelmed.

COMPUTER SECURITY
Computer security, often referred to as cyber security, is the protection of computer systems, networks, and data from threats such as unauthorized access, cyber attacks, data breaches, and other malicious activity. Its goal is to preserve the confidentiality, integrity, and availability of information and resources.

The core principles and components include:
- Confidentiality: sensitive information is accessible only to authorized individuals.
- Integrity: the accuracy and consistency of data are maintained over its entire lifecycle.
- Availability: information and resources are accessible to authorized users when needed.
- Authentication: the identity of users or systems is verified before access is granted.
- Authorization: what authenticated users are permitted to do within the system is determined and enforced.
- Accountability: user actions are tracked so that users can be held responsible for their activities.
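The integrity mechanisms listed above (checksum, hash, HMAC) are easy to confuse, so here is an added example, not part of the original slides, that runs all three against the same tampered file. The configuration file, the shared key and the tampering are constructed for the example; the point it shows is that a checksum or an unkeyed hash detects a change only while the attacker cannot also replace the published value, whereas an HMAC still holds when the attacker controls the channel.

```python
import hashlib
import hmac
import zlib

# Constructed sample data for this example: a configuration file that a remote
# system downloads, and a secret shared only between the publisher and the client.
ORIGINAL = b"admin_user=ops\nallow_remote_login=false\nmax_sessions=5\n"
SHARED_KEY = b"example-shared-secret-not-a-real-key"


def checksum(data: bytes) -> int:
    """CRC32 checksum: detects accidental corruption in transit, nothing more."""
    return zlib.crc32(data) & 0xFFFFFFFF


def digest(data: bytes) -> str:
    """SHA-256 hash: any change to the data changes the value and nobody can find
    a second input with the same hash, but anyone can compute it."""
    return hashlib.sha256(data).hexdigest()


def mac(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: a keyed hash, so only holders of the key can produce a value
    that verifies. This turns 'detect change' into 'detect forgery'."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_crc(data: bytes, expected: int) -> bool:
    return checksum(data) == expected


def verify_hash(data: bytes, expected: str) -> bool:
    # compare_digest runs in constant time, so timing does not leak how many
    # leading characters of the expected value were correct.
    return hmac.compare_digest(digest(data), expected)


def verify_mac(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(data, key), expected)


def tamper(data: bytes) -> bytes:
    """Constructed attack: flip the remote-login switch while the file is in transit."""
    return data.replace(b"allow_remote_login=false", b"allow_remote_login=true")


def demo() -> dict:
    """Publish ORIGINAL with all three integrity values, tamper with it, and see
    which checks the receiver can still trust. Returns the outcome of each check."""
    published_crc = checksum(ORIGINAL)
    published_hash = digest(ORIGINAL)
    published_mac = mac(ORIGINAL, SHARED_KEY)

    evil = tamper(ORIGINAL)

    # Case 1: the attacker changed the data but could not touch the published
    # values. Every mechanism notices the edit.
    crc_catches_edit = not verify_crc(evil, published_crc)
    hash_catches_edit = not verify_hash(evil, published_hash)
    mac_catches_edit = not verify_mac(evil, SHARED_KEY, published_mac)

    # Case 2: the attacker controls the channel and replaces the published values
    # too. CRC and SHA-256 need no secret, so the forged values verify; the HMAC
    # does not, because the attacker does not know SHARED_KEY.
    crc_forged_ok = verify_crc(evil, checksum(evil))
    hash_forged_ok = verify_hash(evil, digest(evil))
    mac_forged_ok = verify_mac(evil, SHARED_KEY, mac(evil, b"attacker-guess"))

    return {
        "crc_catches_edit": crc_catches_edit,
        "hash_catches_edit": hash_catches_edit,
        "mac_catches_edit": mac_catches_edit,
        "crc_forged_ok": crc_forged_ok,    # True: a checksum is not a security control
        "hash_forged_ok": hash_forged_ok,  # True: an unkeyed hash helps only if stored out of band
        "mac_forged_ok": mac_forged_ok,    # False: the HMAC survives a channel compromise
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18} {outcome}")
```

In practice the "out of band" storage for a plain hash is a signed release page or a package index, which is why software distributions publish signatures or signed hash lists rather than bare checksums.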
REASONS FOR COMMISSION OF CYBER CRIMES
Many factors act as catalysts for the growth of cyber crime. Some of the prominent ones are:
a. Money: many people commit cyber crime to make quick and easy money.
b. Revenge: some people take revenge on a person, organization, society, caste or religion by defaming its reputation or causing it economic or physical loss. When such attacks are aimed at a community or the public at large they shade into cyber terrorism.
c. Fun: amateurs commit cyber crime for fun; they just want to try out the latest tool they have come across.
d. Recognition: breaking into highly secured networks, such as defence sites, is seen by some as a matter of pride.
e. Anonymity: the anonymity that cyberspace provides motivates people to commit cyber crime, because it is much easier to commit a crime online and remain anonymous than in the physical world. This strong sense of anonymity can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.
f. Cyber espionage: at times a government itself is involved in cyber trespassing to keep an eye on other persons, networks or countries. The motive may be political, economic or social.
THREATS A threat is any potential event or action that can cause harm to a computer system, network, or data. Threats can be intentional, such as hacking and malware, or unintentional, such as human error or hardware failures. Malware: Malicious software designed to damage or disrupt systems, steal information, or gain unauthorized access. Most comman are  Viruses: Programs that attach themselves to legitimate files and spread when the files are shared.  Worms: Standalone malware that replicates itself to spread across networks.  Ransomware: Malware that encrypts a victim's data and demands payment for decryption.  Trojans: Malicious programs disguised as legitimate software. THREATS A threat is any potential event or action that can cause harm to a computer system, network, or data. Threats can be intentional, such as hacking and malware, or unintentional, such as human error or hardware failures. Malware: Malicious software designed to damage or disrupt systems, steal information, or gain unauthorized access. Malware is malicious software and refers to any software that is designed to cause harm to computer systems, networks, or users. Malware can take many forms. VIRUS Viruses: Programs that attach themselves to legitimate files and spread when the files are shared. A virus is a malicious code written to damage/harm the host computer by deleting or appending a file, occupy memory space of the computer by replicating the copy of the code, slow down the performance of the computer, format the host machine, etc. It can be spread via email attachment, pen drives, digital images, e- greeting, audio or video clips, etc. A virus may be present in a computer but it cannot activate itself without the human intervention. Until and unless the executable file(.exe) is execute, a virus cannot be activated in the host machine. WORMS Worms: Standalone malware that replicates itself to spread across networks. 
They are a class of virus which can replicate themselves. They are different from the virus by the fact that they does not require human intervention to travel over the network and spread from the infected machine to the whole network. Worms can spread either through network, using the loopholes of the Operating System or via email. The replication and spreading of the worm over the network consumes the network resources like space and bandwidth and force the network to choke. Ransomware Ransomware: Malware that encrypts a victim's data and demands payment for decryption Ransomware is a type of malicious software (malware) that encrypts a victim's data or locks them out of their system, demanding payment (usually in cryptocurrency) in exchange for restoring access to the data or system. Types: Crypto Ransomware: Encrypts files, rendering them inaccessible until the ransom is paid. Locker Ransomware: Locks users out of their device entirely, preventing access to the operating system. Spread: Ransomware often spreads through phishing emails, malicious links or attachments, exploit kits, or drive-by downloads from compromised websites. Strategies include regular data backups. TROJAN HORSE Trojans: Malicious programs disguised as legitimate software. Trojan horse is a malicious code that is installed in the host machine by pretending to be useful software. The user clicks on the link or download the file which pretends to be a useful file or software from legitimate source. It not only damages the host computer by manipulating the data but also it creates a backdoor in the host computer so that it could be controlled by a remote computer. It can become a part of botnet(robot-network), a network of computers which are infected by malicious code and controlled by central controller ADWARE Adware is a type of malicious software designed to display unwanted advertisements on a user’s device. 
These ads often appear as pop- ups, banners, or within the software interface. It typically comes bundled with legitimate software downloads and can be installed without the user's consent. Adware often accompanies free software downloads. When users install these programs, they may unknowingly install adware as well. Once installed, adware generates revenue for the distributor by showing ads, redirecting users to specific websites, or collecting data to target ads more effectively. SPYWARE Spyware is a type of malicious software designed to secretly monitor and collect information about a user's activities without their knowledge or consent. It often operates silently in the background, making it difficult to detect. Spyware can capture a wide range of data, including browsing history, login credentials, emails, and even personal documents. Some spyware can give attackers remote access to the infected device, allowing them to control it and extract data at will. Spyware often employs techniques to remain hidden and resist removal, such as modifying system files or using rootkit technology. BOTNET Botnet is a network of compromised computers, known as bots or zombies, controlled remotely by a hacker, often called a botmaster. These infected devices are used collectively to perform malicious activities. Botnets spread through various means like phishing emails, malicious downloads, or vulnerabilities in software. Overloading a target server with traffic to disrupt services. Sending large volumes of unsolicited emails. Extracting sensitive information from infected devices. THREATS Phishing: A form of social engineering where attackers deceive individuals into providing sensitive information, such as passwords or credit card details, typically through email or fraudulent websites. Insider Threats: Employees or other trusted individuals who misuse their access to cause harm. 
Social Engineering: Techniques used to manipulate individuals into divulging confidential information or performing actions that compromise security. This can include tactics like pretexting, baiting, and tailgating. VULNERABILITY A vulnerability is a weakness or flaw in a computer system, network, or software that can be exploited by a threat to gain unauthorized access or cause harm. Common vulnerabilities include: Unpatched Software: Software that has not been updated with the latest security patches, making it susceptible to known exploits. Weak Passwords: Easy-to-guess or reused passwords that can be easily cracked by attackers. Misconfigured Systems: Systems that are not properly configured, leading to security gaps. Human Error: Mistakes made by users or administrators, such as clicking on malicious links or improperly configuring security settings. HARM The potential damage that can result from threats exploiting vulnerabilities. In cybersecurity, harm can be classified into several categories based on the nature and impact of the threat. The key classifications include: Financial Harm: Refers to monetary losses resulting from cyber incidents. This includes direct financial loss (e.g., theft or ransom payments), loss of revenue due to service disruption, and the cost of remediation efforts like incident response and legal fees. Reputational Harm: Involves damage to an organization's brand or public image. Cyber incidents like data breaches can erode customer trust, lead to negative publicity, and cause long-term brand damage, resulting in loss of customers and market share. HARM Operational Harm: Represents disruptions to business operations. Cyberattacks can lead to service outages, productivity loss, and even supply chain disruptions, affecting the organization's ability to function effectively. 
- Legal and regulatory harm: legal consequences of cyber incidents, such as fines for non-compliance with regulations (e.g., GDPR), lawsuits from affected parties, and increased regulatory scrutiny.
- Data integrity harm: loss, corruption, or unauthorized manipulation of data. This can mean permanent loss of critical information, exposure of sensitive data, or inaccurate data that leads to poor decisions.

SECURITY CONTROLS
Types of controls
- Preventive controls: measures designed to stop security incidents from occurring. Examples: firewalls, encryption, access controls.
- Detective controls: measures designed to detect security incidents and raise alerts when they occur. Examples: intrusion detection systems (IDS), security monitoring tools.
- Corrective controls: measures designed to respond to and recover from security incidents. Examples: data backup and recovery solutions, incident response plans.

Examples of security controls
- Firewalls: network security devices that monitor and control incoming and outgoing traffic according to predetermined security rules.
- Intrusion detection systems (IDS): systems that monitor network traffic for suspicious activity and generate alerts.
- Encryption: converting data into a coded form to protect it from unauthorized access; only those with the decryption key can recover the original data.

AUTHENTICATION
Authentication is the process of verifying the identity of a user, device, or system before granting access to resources or services. It ensures that the entity attempting to gain access is who or what it claims to be. Authentication relies on one or more of the following factors:
- Something you know: a password, PIN, or security question.
- Something you have: a physical token, smart card, or mobile device.
- Something you are: biometric characteristics such as fingerprints, facial features, or retinal patterns.

Authentication methods
- Passwords: the most common form of authentication; users supply a secret word or phrase. A server should store only a salted, deliberately slow hash of the password (PBKDF2, bcrypt, scrypt or Argon2), never the password itself.
- Multi-factor authentication (MFA): the user must present two or more factors of different kinds (e.g., a password and a one-time code from a device) to gain access.
- Biometrics: methods that rely on unique physical characteristics, such as fingerprints, facial recognition, or iris scans.

ACCESS CONTROL
Access control is the security technique that regulates who or what can view, use, or modify resources in a computing environment. It comprises the policies and mechanisms that ensure only authorized users or systems can access specific data, applications, networks, or physical areas.
Access control operates on several levels:
- Identification: establishing who the user or system claims to be (e.g., a username or ID).
- Authentication: verifying that the identified user or system is genuine.
- Authorization: granting or denying access to resources based on the authenticated identity and predefined permissions.
- Accountability: tracking and logging the actions performed by the authenticated and authorized user or system.

Access control models
- Role-based access control (RBAC): access is granted according to the user's role within the organization; each role carries the permissions its job function needs.
- Mandatory access control (MAC): access is decided by fixed security labels assigned to both users and resources and enforced by the system rather than by the resource owner. Typically used in highly secure environments.
- Discretionary access control (DAC): the owner of a resource decides who can access it and with what permissions.
- Attribute-based access control (ABAC): access is granted or denied on the basis of attributes (user attributes such as role or department, resource characteristics, and environmental conditions such as time or source network) rather than identity alone.

CRYPTOGRAPHY
Cryptography is the technique of securing information and communications by transforming them with codes and ciphers so that only those for whom the information is intended can read and process it.
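Before going further into cryptography, here is an added example for the AUTHENTICATION and ACCESS CONTROL sections above. It is not code from the original slides: it walks one request through identification, two-factor authentication, RBAC-plus-ABAC authorization and an audit log, using only the Python standard library. The password hashing is PBKDF2-HMAC-SHA256 with a per-user salt, the "something you have" factor is an HOTP code as defined in RFC 4226, and the users, roles, secrets and the on_corporate_network attribute are all invented for the demonstration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone
from typing import Optional

# Constructed example. Users, roles, secrets and the network attribute are invented.
# Work factor lowered so the demo runs quickly; OWASP currently recommends
# 600,000 iterations for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 200_000


# --- Authentication factor 1, "something you know": salted, slow password hash ---
def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


# --- Authentication factor 2, "something you have": HOTP code from a token (RFC 4226) ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    h = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = h[-1] & 0x0F                                    # dynamic truncation
    code = int.from_bytes(h[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


# --- Authorization: RBAC role permissions plus an ABAC condition on the environment ---
ROLE_PERMISSIONS = {
    "analyst": {"read:alerts"},
    "admin": {"read:alerts", "write:alerts", "delete:users"},
}


def authorize(role: str, action: str, context: dict) -> bool:
    if action not in ROLE_PERMISSIONS.get(role, set()):   # RBAC: role lacks the permission
        return False
    if action.startswith("delete:") and not context.get("on_corporate_network", False):
        return False                                       # ABAC: destructive actions only on-site
    return True


# --- Accountability: every decision is recorded with who, what and why ---
AUDIT_LOG: list = []

USERS = {
    "alice": {"pw": hash_password("correct horse battery staple"), "role": "analyst",
              "otp_secret": b"12345678901234567890", "otp_counter": 0},
    "bob": {"pw": hash_password("hunter2"), "role": "admin",
            "otp_secret": b"another-constructed-seed", "otp_counter": 0},
}


def current_otp(username: str) -> str:
    """What the user's token would display right now (drives the demo and tests)."""
    u = USERS[username]
    return hotp(u["otp_secret"], u["otp_counter"])


def handle_request(username: str, password: str, otp: str, action: str, context: dict) -> dict:
    def decide(allowed: bool, reason: str) -> dict:
        AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "user": username,
                          "action": action, "allowed": allowed, "reason": reason})
        return {"allowed": allowed, "reason": reason}

    user = USERS.get(username)                                  # 1. identification
    if user is None:
        return decide(False, "unknown user")
    if not verify_password(password, user["pw"]):               # 2a. authentication, factor 1
        return decide(False, "bad password")
    if not hmac.compare_digest(otp, hotp(user["otp_secret"], user["otp_counter"])):
        return decide(False, "bad one-time code")               # 2b. authentication, factor 2
    user["otp_counter"] += 1                                    # a code is valid exactly once
    if not authorize(user["role"], action, context):            # 3. authorization
        return decide(False, f"role {user['role']} may not {action} here")
    return decide(True, "ok")                                   # 4. accountability (logged in decide)


if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery staple", current_otp("alice"), "read:alerts", {}))
    print(handle_request("bob", "hunter2", current_otp("bob"), "delete:users", {"on_corporate_network": False}))
    print(handle_request("bob", "hunter2", current_otp("bob"), "delete:users", {"on_corporate_network": True}))
    for entry in AUDIT_LOG:
        print(entry)
```

Two details matter more than the rest: the comparison of both the password hash and the one-time code uses hmac.compare_digest so that response timing does not reveal how much of a guess was right, and the counter is advanced only after a successful check, so a captured code cannot be replayed.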
It thereby prevents unauthorized access to the information. The prefix "crypt" means "hidden" and the suffix "graphy" means "writing".

Cryptography serves several key purposes:

Confidentiality: ensuring that information is accessible only to those authorized to view it. The degree of confidentiality determines the secrecy of the information. The principle specifies that only the sender and the receiver can access the information shared between them, and confidentiality is compromised if an unauthorized person can read a message. For example, if sender A shares confidential information with receiver B and the message is intercepted by attacker C, the confidential information is now in the hands of the intruder C.

Integrity: protecting data from being altered by unauthorized parties. Integrity gives assurance that the information received is exactly what was sent. If the content of a message is changed after the sender sends it but before it reaches the intended receiver, the integrity of the message is lost.
- System integrity: the system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.
- Data integrity: information (both stored and in transit) and programs are changed only in a specified and authorized manner.

Authentication: verifying the identity of users or systems. Authentication is the mechanism that identifies the user, system or other entity trying to access information. It is most commonly implemented with a username and password, increasingly combined with a second factor. A person whose identity is pre-registered can prove that identity and then access the sensitive information.

Non-repudiation: preventing parties from denying their involvement in a communication or transaction.
Non-repudiation is a mechanism that prevents the denial of a message sent over a network. Without it, a sender could send a message and later deny having sent it; with non-repudiation (typically provided by digital signatures) the sender cannot plausibly disown the message to the receiver.

Basic concepts of encryption and decryption
- Encryption: converting plaintext into ciphertext, using a key, to protect it from unauthorized access.
- Decryption: converting ciphertext back into readable plaintext, using a key.
- Symmetric cryptography: uses the same key for encryption and decryption. It is fast but requires a secure way to distribute the shared key. Example: AES (Advanced Encryption Standard).
- Asymmetric cryptography: uses a pair of keys, one public and one private. The public key encrypts data and the private key decrypts it (and, conversely, the private key signs and the public key verifies). Because the public key can be shared openly it solves the key-distribution problem, but it is much slower, so in practice it is used to exchange symmetric keys and to sign. Example: RSA (Rivest-Shamir-Adleman).

WEB ATTACKS
Web attacks are malicious activities that target web applications, websites, and web users. They can lead to unauthorized access, data breaches, and other forms of exploitation.

Types of browser attacks
- Drive-by downloads: malware is automatically downloaded and executed when a user visits a compromised website, often without the user's knowledge.
- Cross-site scripting (XSS): attackers inject malicious scripts into web pages viewed by other users. The script runs in the victim's browser with the page's privileges and can steal cookies, session tokens, or other sensitive information.
- Man-in-the-browser (MitB): a form of man-in-the-middle attack in which malware infects the web browser itself, letting attackers intercept and manipulate communication between the user and a website.

WEB ATTACKS TARGETING USERS
Web attacks targeting users usually involve social engineering tactics to trick users into revealing sensitive information or performing actions that compromise security. Common techniques:
- Phishing: attackers send fake emails or set up fraudulent websites to deceive users into providing personal information, such as login credentials or credit card details.
- Spear phishing: a targeted form of phishing aimed at specific individuals or organizations, often using personalized information to increase the likelihood of success.
- Clickjacking: attackers trick users into clicking a seemingly harmless element on a web page that actually triggers an unintended action, such as enabling a camera or submitting a form.

DATA BREACHES
Data breaches occur when sensitive information is accessed or disclosed without authorization, often as a result of web attacks. Causes of data breaches:
- SQL injection: attackers exploit web applications that build SQL queries from unvalidated input to execute arbitrary SQL, gaining access to databases and sensitive information. The fix is parameterized queries, which keep data separate from the query text.
- Insecure data transmission: data transmitted over unencrypted channels can be intercepted and read by attackers.
- Poor access controls: weak or improperly configured access controls can let unauthorized users reach sensitive data.

EMAIL ATTACKS AND PHISHING TECHNIQUES
Email is a common vector for distributing malware, launching phishing campaigns, and conducting other cyber attacks. Phishing techniques:
- Mass phishing: a broad, untargeted campaign that tries to deceive as many users as possible by sending identical emails to a large group.
- Spear phishing: a more targeted approach, in which the attacker customizes the email to the specific recipient, often using personal information to make it appear legitimate.
- Whaling: a form of spear phishing that targets high-profile individuals, such as executives or government officials, usually to steal sensitive data or gain access to critical systems.
- Business email compromise (BEC): attackers impersonate a company's executive or trusted partner to trick employees into transferring money or sensitive information.

NETWORK VULNERABILITIES
Network vulnerabilities are weaknesses in a network that attackers can exploit to gain unauthorized access, disrupt services, or steal data.
Types
- Configuration vulnerabilities: caused by insecure or improper settings on network devices, such as default passwords, unnecessary open ports, or misconfigured firewalls.
- Software vulnerabilities: flaws or bugs in the software running on network devices or applications, such as unpatched systems or weaknesses in network protocols, that can be exploited for unauthorized access or disruption.
- Hardware vulnerabilities: weaknesses in the physical devices that make up the network, such as insecure routers, switches, or outdated hardware with built-in flaws or no proper security controls.
- Human factor vulnerabilities: user behaviour or poor security practice, such as weak passwords, susceptibility to social engineering, or mishandling of sensitive information, which makes the network easier to attack.

Basics of vulnerability scanning
Vulnerability scanning is the process of systematically examining a network or system to identify security weaknesses, such as open ports, outdated software, and misconfigurations.
Steps in vulnerability scanning:
- Asset discovery: identifying all devices, systems, and applications on the network.
- Vulnerability identification: scanning for known vulnerabilities, such as unpatched software, open ports, and insecure configurations.
- Risk assessment: evaluating the potential impact of each identified vulnerability.
- Reporting: documenting the findings and recommending remediation.

Open port / service identification
Open port and service identification is a critical part of network security: open ports expose services that may be vulnerable to exploitation.
- Open ports: network ports on which a service is actively listening for incoming connections. Attackers scan for open ports to learn which services a host runs.
- Service identification: determining the specific service or application behind each open port, which helps in identifying the vulnerabilities associated with that service.

BANNER / VERSION CHECK
A banner / version check queries a network service to retrieve its banner, which often includes the service's name, version number, and other metadata.
Purpose: attackers use this technique to identify the version of software running on a server or device, which may reveal known vulnerabilities for that version; outdated or unpatched software is the usual finding. Defenders run the same check to build an inventory of what is exposed and to decide what to patch or whose banner to suppress.
Example: A hacker uses a tool like Nmap to perform a banner check on a web server, discovering that it is running an outdated version of Apache with known vulnerabilities. NETWORK VULNERABILITIES  Traffic and Vulnerability Probes  Traffic and vulnerability probes are techniques used by attackers to gather information about a network or system, which can later be used to exploit vulnerabilities.  Traffic Probing: Monitoring network traffic to gather information about the types of data being transmitted, the protocols used, and potential security gaps.  Vulnerability Probing: Sending crafted packets to a target system to identify vulnerabilities in its software, services, or network configuration. OPENVAS OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner that helps in identifying security issues in networks and systems by performing comprehensive scans. Features: It includes a wide range of vulnerability tests (also known as Network Vulnerability Tests or NVTs) to detect various types of vulnerabilities in networks, applications, and systems. OpenVAS is often used by security professionals to conduct vulnerability assessments and ensure that systems are secure against known threats. Usage: Security teams can use OpenVAS to automate the process of scanning and identifying vulnerabilities, allowing them to prioritize and remediate issues before they are exploited. METASPLOIT Metasploit is a widely used penetration testing framework that provides tools for discovering, exploiting, and validating vulnerabilities in systems. Features: It includes a vast database of exploits and payloads that can be used to test the security of networks and applications. Metasploit allows security professionals to simulate real-world attacks in a controlled environment to identify weaknesses and assess the effectiveness of security measures. 
Usage: Penetration testers use Metasploit to exploit identified vulnerabilities, demonstrating the potential impact of a security breach and helping organizations strengthen their defenses.

Comparison: OpenVAS vs. Metasploit

Primary Function
  OpenVAS: Vulnerability Scanning
  Metasploit: Penetration Testing

Description
  OpenVAS: Comprehensive tool for identifying and assessing vulnerabilities in networked systems.
  Metasploit: Framework for discovering, exploiting, and validating vulnerabilities.

Key Features
  OpenVAS: Automated vulnerability scanning; extensive database of known vulnerabilities; detailed reporting and risk assessment.
  Metasploit: Database of exploits and payloads; tools for exploiting vulnerabilities; post-exploitation modules.

Use Case
  OpenVAS: Ideal for regular network scans to identify security weaknesses and generate remediation reports.
  Metasploit: Used to validate vulnerabilities by exploiting them and understanding their impact in real-world scenarios.

Workflow
  OpenVAS: Early in the security assessment process, for identifying vulnerabilities.
  Metasploit: After vulnerabilities are identified, to test whether they can be exploited.

Integration
  OpenVAS: Integrates with other tools for comprehensive vulnerability management; primarily focused on scanning and reporting.
  Metasploit: Integrated into larger security frameworks; often used in conjunction with tools like OpenVAS for penetration testing.

User Skill Level
  OpenVAS: Basic to intermediate cybersecurity knowledge; user-friendly.
  Metasploit: Requires advanced expertise in penetration testing and ethical hacking.

Reporting
  OpenVAS: Generates detailed vulnerability reports with risk assessments, remediation suggestions, and prioritization.
  Metasploit: Provides detailed reports on exploited vulnerabilities, showing how they were exploited and the potential impact.

Examples of Use
  OpenVAS: Scanning a network to discover outdated software with known vulnerabilities, helping prioritize patching.
  Metasploit: Exploiting a vulnerability identified by OpenVAS to gain access to a system and demonstrate the potential damage.

INTRODUCTION TO NETCAT AND SOCAT

Overview

Netcat and Socat are powerful networking tools used for network communication, diagnostics, and troubleshooting. Both are designed to handle a variety of network tasks such as transferring data, testing connections, port scanning, and more.

Netcat is a simple and versatile networking tool, often called the "Swiss Army knife" of networking. It can create network connections, send and receive data, scan for open ports, and more.

What Can You Do with Netcat?
- Connect to other computers over the network using TCP or UDP.
- Scan for open ports to see what services are running on a system.
- Transfer files between computers.
- Listen for incoming connections and act as a basic server.
- Create a reverse shell to remotely control a machine.

Usage: Basic syntax: nc [options] [hostname] [port]. Example: nc -zv 192.168.1.1 1-1000 scans ports 1 to 1000.

What is Socat?

Socat is like an advanced version of Netcat, with more features. It can handle different types of network connections and is useful for more complex tasks.

What Can You Do with Socat?
- Create TCP/UDP connections, just like Netcat.
- Set up secure (SSL/TLS) connections for encrypted communication.
- Forward network traffic between different computers or ports.
- Use advanced port forwarding to route data through multiple systems.
- Proxy data streams and connect to devices such as serial ports.

DIFFERENCE BETWEEN NETCAT AND SOCAT
- Netcat: Simple and easy-to-use tool for basic networking tasks like file transfer, port scanning, and simple connections.
- Socat: More advanced; supports secure connections and more protocols (such as UNIX sockets and SSL), and can handle complex tasks like tunneling and proxying.

NETWORK SNIFFERS AND INJECTION TOOLS

Network sniffers and injection tools are used to capture, analyze, and manipulate network traffic.

Network Sniffers:
- Wireshark: A popular open-source network protocol analyzer that captures and inspects packets transmitted over a network. Wireshark allows users to see all traffic passing through a network interface and analyze it in detail.
- tcpdump: A command-line packet analyzer that allows users to capture and display TCP/IP and other packets being transmitted or received over a network.

Injection Tools:
- Ettercap: A comprehensive suite for man-in-the-middle attacks on a LAN. It can capture and analyze traffic, perform active eavesdropping, and inject malicious code into live connections.
- Scapy: A powerful Python-based tool that allows users to create, send, and receive network packets. Scapy is often used for network testing, scanning, and packet crafting.

THANK YOU