Sec3 - Common Attacks 2024

Uploaded by

ahmedsamer6788

SECURITY ESSENTIALS

Prepared BY: Mohamed Abosehly


ATTACKERS

Attackers are creative and will attempt many different techniques to trick users.
WHAT IS AN “ATTACK”?

• Any attempt to:
  • destroy, expose, alter, disable, or steal information, or break into it
  • break the systems
  • gain unauthorized access to, or make unauthorized use of, an asset

• Could be intentional or unintentional


COMMON ATTACKS
ATTACK TYPES
• Passive Attack
• Active Attack
• Insider Attack
• Close-in Attack
• Phishing Attack
• Buffer Overflow Attack
• Spoof Attack
• Hijack Attack
• Exploit Attack
• Password Attack
PASSIVE ATTACK

Attempts to take information from the system and does not affect any system resources or its operations.
WHO OWNS YOUR DATA
• Social Media
  • Facebook: https://www.facebook.com/policies
  • Instagram: http://instagram.com/legal/terms/
  • Twitter: https://twitter.com/tos
  • Pinterest: https://about.pinterest.com/en/terms-service
• Online Storage
  • iCloud: https://www.apple.com/legal/internet-services/icloud/en/terms.html
  • Dropbox: https://www.dropbox.com/terms2014
  • OneDrive: http://windows.microsoft.com/en-us/windows/microsoft-services-agreement
CHARACTERISTICS OF PASSIVE ATTACK

- Passive attack is a network attack
- System is monitored and sometimes scanned for open ports and vulnerabilities
- Purpose is only to gain information about the target
- No data is changed on the target
- No interaction
- Affects privacy and confidentiality
- Hard to detect
TYPES OF PASSIVE ATTACKS:
• Release of message content
  • The eavesdropper monitors:
    • Telephone conversations
    • Email content
    • A transferred file that may contain confidential data
• Tools used
  • Spyware
  • Wireshark
(Figure label: Observe traffic pattern)
TYPES OF PASSIVE ATTACKS:

• Traffic Analysis
  • The eavesdropper
    • analyzes the traffic
    • determines the location
    • identifies communicating hosts
    • observes the frequency and length of exchanged messages
• Tools used
  • Spyware
  • Wireshark
(Figure label: Observe traffic pattern)
HOW TO AVOID?

• Use Firewalls
• Use IPSec
• Use encryption
• Remove Cookies and don't allow
ACTIVE ATTACK

Attempts to change the system resources or affect their usual operations.
Types: Trojan, Worm, Virus, DDoS, Password attack, etc.
CHARACTERISTICS OF ACTIVE ATTACK

- Information is modified.
- Dangerous for Integrity as well as Availability.
- Attention must be paid to detection.
- System is damaged.
- The victim becomes aware of an active attack.
- System Resources can be changed in active attack.
TYPES OF ACTIVE ATTACKS:

• Masquerade attack:
  One entity (person or computer) pretends to be a different entity.
• Modification of messages (active attack):
  Some portion of a message is altered, delayed, or reordered to produce an unauthorized effect.
  Ex: “Allow Zaki and Aly to read confidential file X”
TYPES OF ACTIVE ATTACKS:

• Repudiation
  • The sender or receiver can later deny having sent or received a message.
  • For example, a customer asks the bank to transfer an amount to someone, and later the sender (the customer) denies having made such a request. This is repudiation.
TYPES OF ACTIVE ATTACKS:

• Replay (active attack)
  • It involves the passive capture of a message and its subsequent retransmission to produce an unauthorized effect.
TYPES OF ACTIVE ATTACKS:

• Denial of Service
  • Prevents normal use of communication facilities.
  • The attacker may have a specific target.
  • Example
    • An entity may prevent all messages directed to a particular destination.
  • Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
HOW TO AVOID?

• Use Firewalls
• Use Antivirus
• Use IPS
INSIDER ATTACK
Involves someone from the inside, such as a disgruntled employee, attacking the network.
INSIDER THREATS
TYPES OF INSIDER ATTACKS:
IMPACT ON BUSINESS
Insider threats are a growing problem
• 60% of organizations had > 30 insider-related incidents per year
• Number of insider-related incidents increased by 47% in two years
• Companies spend an average of $755,760 on each insider-related incident
Samsung & Apple
HOW TO AVOID?

• Awareness
• Prevention: apply policy
• Monitor: user and entity behavior analytics
• Encourage workers to report any suspicious activity
CLOSE-IN ATTACK
A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network.
HOW TO AVOID?

• Good onsite physical security measures
• Prevention: apply policy
• Monitor
PHISHING ATTACK

Phishing is a type of social engineering.

Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details.

Phishing Types:
• Pages phishing
• Email phishing
• Vishing
• Smishing
PHISHING TYPES: PAGES PHISHING
• A fake web page that looks exactly like a popular website (such as Facebook, Twitter, Gmail, PayPal, or a bank page), built to persuade you to enter identity information such as usernames, passwords and credit card details.
• The hacker records the username and password and then tries that information on the real site.
HOW DOES PHISHING WORK?
LAB
• HTTrack Web Site Copier tool
PHISHING TYPES: EMAIL PHISHING
• Sending a fake message to your email to persuade you to buy something or engage in something, with the purpose of taking your identity information
• Encourages you to click a malicious link or button
• CEO Fraud / Business Email Compromise
PHISHING TYPES: SPEAR PHISHING
Malicious emails sent to a specific person. Attackers already have some information about the victim: name, place of employment, job title, email address, and specific information about their job role.
PHISHING TYPES: WHALING PHISHING “BIG FISH”
• Deceptive email messages targeting high-level decision makers or high-profile individuals within an organization. Such individuals have access to highly valuable information, including trade secrets and passwords to administrative company accounts.
• The aim is to trick the executive into revealing sensitive information and corporate data.
PHISHING TYPES: ANGLER PHISHING
• Attacker uses social media to trick people. Fake URLs; cloned
websites, posts, and tweets; and instant messaging can all be
used to persuade people to divulge sensitive information or
download malware.
• Alternatively, criminals can use the data that people willingly post
on social media to create highly targeted attacks.
PHISHING TYPES: SMISHING AND VISHING
• Smishing
  • Attackers send text messages (the content of which is much the same as with email phishing).
• Vishing
  • Attackers use a telephone conversation.
  • Phishing over the phone
IMPACT ON BUSINESS

• In One Week, Google Blocked More Than 18 Million COVID-19 Phishing Emails Daily
• 94% of Coronavirus-Related Cyber Attacks in a Two-Week Period Were Phishing Attacks
• 84% of SMBs Targeted by Phishing Attacks
• 88% of Organizations Reported Experiencing Spear Phishing Attacks in 2019
• 57% of Organizations Report Experiencing Mobile Phishing Attacks
HOW TO AVOID?
• Website filtering
• HTTPS
• Awareness
• Employ common sense before handing over sensitive information.
• Avoid clicking embedded links.
• Keep your software and operating system up to date.
• Never respond to any spam.
• Use anti-spam filters (email filtering)
• Set up a private email address.
• Set up different passwords for all websites.
HOW TO AVOID PHISHING ATTACK
• Don’t put your information into any website without HTTPS
• Don’t tell anyone your information, such as your username and password (f)
• Don’t respond to phone calls that ask for confidential details (VISA)
• Don’t respond to SMS messages about financial details
• Use a firewall and antivirus to prevent any malicious software
EXPLOIT ATTACK

The attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

Types: known exploit / unknown exploit.


KNOWN EXPLOIT

• Discovered by cybersecurity researchers.
• A vulnerability in the software, OS, or even hardware.
• Developers can code patches to plug the hole.
UNKNOWN EXPLOIT (ZERO DAY ATTACK)

• A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.
• An operating system or software vendor may have built in a hidden port to control its software; if that port becomes known later, it can be used to carry out the attack.
HOW TO AVOID?

• Update all the software
• Use the best antivirus software
• Shouldn’t download software
SPOOFING ATTACK
• Attempting to breach a network’s security by altering the
source addresses of packets, making them appear as though
they came from a trusted user within the network, rather than
from a distrusted outside user.
• Hacker modifies the source address of the packets he or she
is sending so that they appear to be coming from someone
else. This may be an attempt to bypass your firewall rules.
SPOOFING TYPES

• IP Spoofing Attack
• MAC Spoofing Attack
• Email Spoofing Attack
• DHCP Spoofing Attack

• Examples
  • Vodafone calls
LAB

• Use the Engage Packet Builder tool
HOW TO AVOID?

• Use an access control list
• Authentication
• Shouldn’t download software
• Intrusion detection
• Ignore emails that just have a link in the text body
• Ignore emails sent without the name of the sender
• Watch for poor spelling
• Take care with shortened URLs
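
The access-control-list defence against IP spoofing can be expressed as a rule on where a source address is allowed to arrive from. The following is an added example, not part of the original slides; the 10.20.0.0/16 internal network, the "inside"/"outside" interface labels and the sample packets are all constructed for illustration.

```python
import ipaddress

# Constructed addressing plan: the protected network behind the firewall.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Sources that are never valid on a packet arriving from another host.
NEVER_VALID = [ipaddress.ip_network(n) for n in
               ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


def ingress_decision(src, interface):
    """Decide on a packet by source address and the interface it arrived on.

    interface is "outside" (untrusted side) or "inside" (trusted side);
    these labels are assumptions of this example.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source"
    if any(addr in net for net in NEVER_VALID):
        return "drop: invalid source"
    internal = any(addr in net for net in INTERNAL_NETS)
    if interface == "outside" and internal:
        # Claims to be a trusted inside host but came in from outside.
        return "drop: spoofed internal source"
    if interface == "inside" and not internal:
        # Egress filtering: inside hosts may not forge foreign sources.
        return "drop: foreign source from inside"
    return "permit"


def filter_log(packets):
    """Return (src, interface, decision) for every packet that is not permitted."""
    return [(s, i, d) for s, i in packets
            if (d := ingress_decision(s, i)) != "permit"]


# Constructed sample traffic: (source address, arrival interface).
SAMPLE = [("10.20.5.9", "inside"), ("198.51.100.7", "outside"),
          ("10.20.5.9", "outside"), ("127.0.0.1", "outside"),
          ("203.0.113.4", "inside")]
```
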
HIJACK ATTACK
• A type of network security attack in which the attacker takes control of a communication.
• The hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.
• Ex: Facebook session ID, mail
HOW TO AVOID?

• End-to-end encryption
• VPNs
• Session ID monitors
• Delete cookies
• Strengthen internal policies
BUFFER OVERFLOW ATTACK
• Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another.
• A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer.
• Attackers exploit buffer overflow issues by overwriting the memory of an application. This changes the execution path of the program, which can result in:
  • Triggering a response that damages files
  • Exposing private data
  • The attacker gaining administrative access to the system in a command prompt or shell
HOW TO AVOID?

• Validation
• Use new programming languages
PASSWORD ATTACK
• A process of recovering passwords from data that has been stored in or transmitted by a computer system.
• The purpose might be to help a user recover a forgotten password,
• or to gain unauthorized access to a system.
• This process can be carried out by many methods.


PASSWORD ATTACKS TYPES: DICTIONARY ATTACK

• The hacker takes advantage of the fact that people usually use common words and short passwords, and tests those.
• Uses a word list file, which is a list of potential passwords.
PASSWORD ATTACKS TYPES: BRUTE FORCE

The hacker uses a program to try every possible combination of password to gain access.
PASSWORD ATTACKS TYPES: HYBRID ATTACK

A hybrid attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
PASSWORD ATTACKS TYPES: RAINBOW TABLE

The hacker gains access to encrypted password files, which contain representations of a password instead of the actual password, and attempts to figure out the password from them.
• A rainbow table compiles a list of pre-computed hashes. It already has the mathematical answers for all possible password combinations for common hash algorithms.
PASSWORD ATTACKS TYPES: TRAFFIC INTERCEPTION

Using software such as packet sniffers to monitor network traffic and capture passwords as they are passed.
PASSWORD ATTACKS TYPES: SOCIAL ENGINEERING

• The hacker tries to collect information about the user in order to get password information from the user directly.
• The hacker learns what the user loves, their birth date, the things they care about, or a club or football player, any of which the user might choose as a password.
• Spear phishing: sends a product offer by email that asks the user to log in with a password, to learn how the user thinks and so guess the real password of their system.
PASSWORD ATTACKS TYPES: KEYLOGGER ATTACK

• A program is installed on the user’s computer to track all of the user’s keystrokes, so the hacker can record the password and username to use later.
• The program can be installed through a phishing download.
HOW TO AVOID? GENERATE A STRONG PASSWORD
• Strong passwords have four main requirements, listed in order of importance:
  1) The user can easily remember the password.
  2) It is not trivial for any other person to guess a password.
  3) It is not trivial for a program to guess or discover a password.
  4) Must be complex, containing numbers, symbols and a mix of upper case and lower case letters.

https://passwordsgenerator.net/
HOW TO AVOID?

• Recommended for all accounts
• Password change interval must be less than the time it takes to brute force a password
• Passwords of more than 8 characters
• Change passwords every 90 days
• Accounts locked after 3 failed attempts
• All passwords contain at least one alpha, one number, and one special character
• Users can’t reuse previous 5 passwords
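
The policy rules on this slide can be checked in code, including the rule that the change interval must be shorter than the brute-force time. This is an added example, not part of the original deck; the guessing rate of one billion guesses per second, the 94-character alphabet and all names are assumptions, and the password history is kept in plaintext only to keep the demo short.

```python
import string

# Policy values taken from the slide; GUESSES_PER_SECOND is an assumed
# attacker speed used only for the estimate.
MIN_LENGTH = 9            # "more than 8 characters"
HISTORY = 5               # cannot reuse the previous 5 passwords
MAX_AGE_DAYS = 90         # change passwords every 90 days
LOCKOUT_AFTER = 3         # account locked after 3 failed attempts
GUESSES_PER_SECOND = 1e9  # assumption


def policy_violations(password, previous=()):
    """Return the list of policy rules the candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Demo only: a real system compares against stored password hashes.
    if password in list(previous)[-HISTORY:]:
        problems.append("reused")
    return problems


def brute_force_days(length, alphabet=94, rate=GUESSES_PER_SECOND):
    """Worst-case days to try every password of this length (94 printable ASCII)."""
    return alphabet ** length / rate / 86400


def interval_is_safe(length, max_age_days=MAX_AGE_DAYS):
    """Slide rule: the change interval must be shorter than the brute-force time."""
    return max_age_days < brute_force_days(length)


class Account:
    """Counts consecutive failed logins and locks after LOCKOUT_AFTER of them."""

    def __init__(self):
        self.failures = 0

    def login(self, ok):
        if self.failures >= LOCKOUT_AFTER:
            return "locked"
        self.failures = 0 if ok else self.failures + 1
        return "ok" if ok else "denied"
```

Under the assumed guessing rate, an 8-character password falls in about 70 days, which is inside the 90-day change interval, while 9 characters pushes the exhaustive search to thousands of days.
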
LAB
• https://passwordsgenerator.net/
• Brute force attack
WLAN ATTACKS
• War drivers: The attacker often just wants to gain Internet access for free. This person drives around, trying to find APs that have no security or weak security.
• Hackers: The motivation for hackers is to either find information or deny services.
• Employees: An employee installs an AP in their office, using default settings with no security, and creates a small wireless LAN.
WIFI SECURITY PROTOCOLS
ASSIGNMENTS

1. Email Spoofing
2. Caller ID Spoofing
3. Website Spoofing
4. IP Spoofing
5. ARP Spoofing
6. DNS Server Spoofing
7. XSS Attack
8. SQL Injection Attack
9. Bitcoin
10. Steganography
11. Buffer over
12. Digital signature

5 Slides
1. Definition
2. Types
3. Real Cases
4. How to avoid
