Title: Objectives:
1Session 10
2- Objectives
- By the end of this session, the student will be
able to - Recognize the basic forms of system attacks
- Cite the technique used to make data secure
- Recognize the concepts underlying physical
protection measures - Cite the techniques used to control access to
computers and networks - Cite the strengths and weaknesses of passwords
- Explain the difference between a
substitution-based and a transposition-based
cipher - Outline the basic features of public key
cryptography, Advanced Encryption Standard,
digital signatures, and the public key
infrastructure - Cite the techniques used to secure communications
- Recognize the importance of a firewall, and be
able to describe the two basic types of firewall
protection
3Hacker
Hacker saga continues Mounties nab 15-year-old
Canadian ITworld.com 4/19/00 UPDATE The Royal
Canadian Mounted Police (RCMP) said that they
have arrested a 15-year-old Montreal boy and
charged him in connection with the largest hacker
attacks to date on e-commerce Web sites in the
United States. In accordance with Canadian law,
the identity of the boy, who is said to have used
the alias "Mafia Boy," was not disclosed. http/
/security.itworld.com/4339/ITW384/page_1.html
3
4Typical Hacker Approach
Step 1 Reconnaissance - ARIN, whois Step 2
Scanning - wardialing, port scanning,
firewalk Step 3 Exploit Systems - Gaining
Access - spoofing, hijiacking, DNS poisoning -
Elevating Access - L0phtCrack, Crack, SecHole,
getAdmin - Application-Level Attacks CGI
attacks, Web state maintenance - Denial of
Service - CPUhog, WinNuke, Ping of
death, Land, smurf, SYNflood, Targa,
TFN2K, Trin00 Step 4 Keeping Access -
Back Orifice 2000, Rootkits, Knark Step 5
Covering the tracks - logs, reverse WWW shell,
Loki
4
5Security
- Basic Premise
- The means to uniquely identify a person, consists
of using at least one selection from a minimum
of two of the following categories - Something you have
- User ID others may have knowledge of this
- A token (smart card / SecurID / WatchWord Token)
- Something you know
- Password / Passphrase / PIN only you know this
- Something you are
- An attribute of your physical body that is unique
(fingerprint, hand geometry, iris, retina,
earprint . . . )
5
6Passwords
- Standard Rules
- Change password often
- Pick a good password with
- At least 8 characters
- Mix upper-case and lower-case characters
- Don't choose passwords that are similar to first
or last names, or other choices easily guessed - Don't share your password with others
- Don't write it down and post it on your monitor
6
7Passwords
UNIX Password Passwd file samplex503100/hom
e/sample/bin/bash Shadow File sample2a05JG
qlq1afYTnH0t3OwOxbOeogkJAo9/vWdbOTQ73fQXRzjBsLvmxX
S127370999997
7
8Monoalphabetic Substitution-Based Ciphers
Plaintext a b c d e f g h i j k l m n o p q r s
t u v w x y z Ciphertext P O I U Y T R E W Q L K
J H G F D S A M N Z V C X B how about lunch at
noon EGVPO GNMKN HIEPM HGGH
8
9Polyalphabetic Substitution-Based Ciphers
Key COMPUTERSCIENCECOMPUTERSCIENCECOMPUTERSCIEN
CECO Plaintext thisclassondatacommunicationsisth
ebestclassever Ciphertext VVUHWEEJKQVHNVEECYBOGMT
SVQSAUMUHTTVXWKUNIWFGZGF
9
10Transposition-Based Ciphers
Keyword COMPUTER 14358726 relative position
of characters in alphabet Plaintext
Message this is the best class i have ever
taken COMPUTER 14358726 thisisth ebestcla
ssihavee vertaken Ciphertext TESVTLEEIEI
RHBSESSHTHAENSCVKITAA
10
11AES - Rijndael
Animation of Algorithm at work http//people.sene
cac.on.ca/travis.mander/rijndael_ingles2004.swf
11
12Windows Firewall
12
13Filter Firewall
13
14Proxy Firewall
14