SlideShare a Scribd company logo

Meletis Belsis - Introduction to information security

Download as PPT, PDF
Meletis Belsis MPhil/MRes/BSc
Meletis Belsis MPhil/MRes/BSc

Security is a major concern for organizations and individuals as information has become more valuable. The need for security has existed since information first became important. While firewalls and antivirus software provide some protection, they do not make an organization fully secure. Security involves processes for prevention, detection, reaction, and forensics. It is difficult to implement security perfectly due to costs, user resistance, evolving threats, and time/budget constraints for security teams. Hackers use various techniques like information gathering, password cracking, viruses, denial of service attacks, sniffing, and system exploits to compromise targets. Organizations implement defenses like firewalls, intrusion detection, honeypots, anti-sniffing measures, antivirus software, security awareness

1 of 49
Download to read offline
What is Security ? Part I Meletis A. Belsis 2003, Athens, Greece Mediterranean College Computer Crime
Setting the Scene • Security is one of the oldest problem that governments ,commercial organizations and almost every person has to face • The need of security exists since information became a valuable resource • Introduction of computer systems to business has escalated the security problem even more • The advances in networking and specially in distributed systems made the need for security even greater • The Computer Security Institute report, notes that in year 2003 computer crime costs where increased to more than 450 million dollars in the USA alone.
Profiling Adversaries • Adversaries that target corporate system are numerous: • These can be general classified in the following categories: – Hackers – Employees (both malicious and unintentional) – Terrorists groups – Governments – Opposing Industries
Security • So now we know that we need security. BUT what is security anyway ? • Many people fail to understand the meaning of the word. • Many corporations install an antivirus software, and/or a firewall and believe they are protected. Are they ?
Security through obscurity • Consider some cases : – An internal employee wants to revenge the company and so publishes private corporate information on the NET. – The terrorist attack on the twin towers (in USA) had as a result many corporations to close. Why ? – An employee forgets his laptop into a café. This laptop contains all corporate private information. HOW CAN A FIREWALL PROTECT FROM THE PREVIOUS ?
Security: easy to understand, difficult to implement “In the real world, security involves processes. It involves preventive technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. …. ” Bruce Schneier (Secrets and Lies, Wiley and Sons Inc.)
Security: easy to understand, difficult to implement • Security contains a number of tools , processes and techniques. • These in general cover three main requirements: – Confidentiality – Integrity – Availability • Depending on the security requirements a system has, one can concentrate only on one of the previous or all of them. • A new requirement enforced by the operation of e-markets is non-repudiation.
Security: easy to understand, difficult to implement • Computer Security is difficult to implement due to the following: – The cost of implementing a security system should not exceed the value of the data to be secured. – Industries pay huge amount of money for industrial espionage. – Users feel that security is going to take their freedom away and so often they sabotage the security measures. – Computer prices have fallen dramatically and the number of hackers have been multiplied. – Security managers work under strict money and time schedule. Criminals do not have any time schedule and they do not need any specialised software. – Hackers are often cooperate with known criminals. That is why, total security is almost infeasible.
The Art of Hacking Part II Attacking Corporate Systems
Information Gathering • The first step to hacking is to gather as much information as possible for the target. • This information is later used to draw a map of the corporate network. • This map is used to define and design an attack methodology as well as identify the needed attack tools. • The extreme case of information gathering is called dumpster diving
Information Gathering : Searching the Corporate Web site • Searching the corporate web site for information: – Statements like : “This site is best viewed with Internet Explorer” could uncover that the company uses Microsoft Web Server. – Email Addresses. These are used to identify user names. i.e. username@thecompany.com – Office Locations: Companies with office locations in different countries would probably use a VPN to interconnect. – Company News
Information Gathering : Searching the Internet • Searching the WEB can provide valuable information – Using the link directive. i.e. link: www.somecompany.com provides information on the sites that link to the corporate web site. – Searching the greater WEB using the company’s name • Searching public WHOIS databases :Provide information about the domain name of the company. • Searching the ARIN Whois Database: Provide a database with all register IP addresses. • Searching technical forums using either the name of the administrator or the name of the company.
Information Gathering :Being Polite….. • When the initial search has finished, it is now time to ASK the network itself. Believe it or not most networks are quite polite. – DNS Interrogation. It can be performed by simple using the nslookup program. – Using the PING command (ICMP Echo ). Can unveil hosts that are connected and are not protected by a firewall. – Using the TraceRoute command we can identify which is the IP of the router that connects the corporate network to the Internet.
NeoTrace: Windows Based TraceRT
Information Gathering :Identify Running Services • Having a map of the internet hosts that are accessible from the internet, we must now identify the services that they offer and the operating system that is installed on each host. • Special programs like nmap and superscanner are used to interrogate each port in a host. • Detecting Services – The Scanner tries to open a connection to each port of the target host (By sending Syn messages) . – The open ports that respond show the services that are running. • Detecting the OS – The Scanner sends specific erroneous message to the ports. OS response with different messages.
SuperScan: Windows Based Port Scanner
Information Gathering :Scanning undetected • Many firewalls can detect these scanning attempts. So scanners use some alternate techniques: – Slow Scanning – Distributed Scanning – Half Open Connection – Fragmented packets – XMAS – FIN – FTP Bounce
Password Cracking • Adversaries use two methods to attack passwords. – Brute force: Try all key combination in the password space. – Dictionary: Use a dictionary of known words and try each word along with their combinations. • These attacks can be performed either locally or remotely
L0phtCrack: Windows Password Cracking
VIRUSES • Computer Viruses are categorised in: – Normal viruses – Trojan Horses – WORMS • Today there are more than 2,500 virus ready to be downloaded. • A user can get infected by: – Running a program – Opening an email – Visiting a web site (evil Trojan) – Opening a .doc file • Today virus creation and mutation centres can be freely downloaded from the Internet
SubSeven: Visual Interface to Control Infected PC
Denial of Service Attack (DoS) • The idea behind these attacks is to make the target system unavailable to its authorised users. • Typical attacks include but not limited to : – Ping O’ Death (sending packets of size greater that 65,535) – SYN Flooding Attack (Starting Many half-open connections) – Smurf Attack (sending requests to broadcast address with a spoofed IP address) – Domain Name Server DoS (Requesting DNS quires from multiple DNS Servers with a Spoofed IP
SynFlood Attack
Smurf Attack
Domain Name System DoS
Distributed Denial of Service (DDoS) • Hackers have used the distributed power internet offers. • Tools are now perform DoS attack from multiple hosts at the same time. • Examples are: – Tribal Flood Network – TFN2K – Stacheldraft
Sniffing • Ethernet provides the ability to run a network card in Promiscuous mode. This allows the card to read any packet travelling on the network. • Sniffing software are using this to read all data transmitted in the local net. • Sniffers can be programmed to steal information associated only with specific protocols or programs. i.e. read all information from http packets only. • Some sniffers can be even programmed to transmit sniffed passwords back to the attacker. • The first and most used sniffer is the TCPDump .
SnifferPro: A windows based Sniffer
System Flaws and Exploits • Most systems today contain bugs. These are coming either from the system designers, implementers or the ones that manage the system. • Hackers can use these bugs to gain access to systems. • Examples of such are : – Default accounts – Poor User Accounts – Allowing outside anonymous Telnet connections to the Web Server – Allowing trusted connections – Buffer Overflows – Allowing Banners in services – Allowing NetBios over TCP/IP when not needed. • The Internet has a vast amount of software that test a given server for a number of such exploits.
Simpsons’: A CGI vulnerability scanner
Social Engineering • One of the oldest and easiest form of hacking. <Hacker is calling the administrator >  Hallo I am <<name of an employee>>. My user name <<user name as seen on email address>>. I am new to the company but I forgot my system password <<be very unhappy>> but my manager ask to find him some files. If I tell him that I forgot my password , I am afraid that he is going to fire me. Please help <<be persuasive>>>> <Administrator wants to help a fellow employee> Ok. Do not cry now. That is why we are here for. I am going to reset your password to newpassoword. Just do not forget it again. <Hacker thanks the polite employee>  Oh thank you so much. I am going to buy the coffee when we meet. You are a lifesaver…. (The scenario works even better is the hacker is a female and the administrator is a male.)
IP Spoofing • Hackers usually change the IP address in their datagrams. • This happens for two reasons: – To avoid getting caught. – To bypass security tools, and systems that allow trusted connections. • Changing just the IP is called a blind attack, because the hacker never sees the response from the target. • In order to see the response the hacker has a number of ways: – Install a sniffer to the target network. – Use Source Routing – Use ICMP redirect – If both hacker and target are located on the same network use ARP spoofing. – DNS cache Poisoning. • Software programs like A4 proxy allows hackers to use a number of anonymous servers before they attack. Thus their real IP is almost untraceable.
A4 Proxy : Using multiple anonymous proxies to hide the IP address
The Next Step • So now I am in what am I doing next ?. 1. If you do not already have, try to gain root access. 2. Find and clear Log Files. 3. Install a Root Kit to ensure that you will have access in the future
Protecting Corporate Systems PART III Information Security Measures
Is it possible ? • Total security is not feasible. • Systems must be secured depending on their value. • Security measures are applied according to the threat level a system has. • The first step is to understand the threats, to your corporate systems. This can be done by a risk analysis process. • In this stage remember that security is a business requirement
Creating a DMZ zone • The first security measure is to seal the internal network from the outside world. • This is performed by developing a network called Demilitarized Zone (DMZ). • The DMZ contains all the servers that must be accessible from the outside world • NOTE that we must always assume that servers in the DMZ are going to be hacked at some point.
Firewalls • Firewalls exist into types: – Packet filters: Are operating on the protocol level. They use a firewalling policy to allow the packet to pass or to drop the packet. – Proxy Servers: They operate at the application level. They are always located between the user requests and the servers response. Thus allowing us to enforce policies on which users can access the internet and on which port. • Packet Filters are usually located on the router, while Proxies are installed on computers • A network may use any number of the previous depending its size and architecture. • Known Firewalls are Checkpoint’s Firewall-1, Cisco PIX, Microsoft’s ISA.
Intrusion Detection Systems (IDS) • Intrusion detection systems are used to detect attacks to the network and inform the administrator. • IDS are organised into two categories : – Signature based : They hold a database of known attacks and they test packets against the data stored in the database. – Anomaly based: They test the traffic against anomalies. I.e. why does the network has so heavy traffic at 2 in the morning ? • When the IDS detects an attack it inform the administrator with a number of ways : email, sms, pager
Honey Pots • These are the sacrificed lamps of a network. • Honey pots are software programs that when installed on a computer they can simulate a number of systems i.e.: • Windows NT Server. • Unix Server. • Apache Server • Microsoft Exchange Server • These simulated systems look unprotected from the outside world (i.e. open ports, default accounts, known exploits. • Hackers scanning for victims detect the simulated systems and try to hack them. The honey pots allow hackers to enter but record all their moves and inform the administrator. • Honey pots can be installed either in the DMZ or in the local network.
Anti sniffing • The general idea is to make the sniffing host reply to a message that he should not be able to listen. – For example creating a packet with a fake MAC address but with the IP address of the sniffing host. If the host acknowledges the packet the it is in promiscuous mode. • Another way is to transmit unencrypted login details for a fake (honey pot) server to the network. If someone tries to use this account then someone is sniffing the network. • NOTE that using switches instead of hubs will make a sniffers life much more difficult.
L0pht Antisniff : A windows based program to detect sniffers
Antivirus • Antivirus programs are known to most users. • Such programs can be applied either as – Standalone : Each copy of the program is responsible of protecting the specific host on which it is installed. – Network based : Each copy of the program is responsible of protecting the specific host, but they are all managed by a Antivirus Server. • Note that using an antivirus program without updating its virus database does not provide protection
Security Awareness • No matter what security tools are going to be used, if users do not know about security, hacks are going to be common. • There are many ways to educate users on the issues of security: – Use of seminars – Use of posters – Use of e-mail messages – Enforce penalties
Security Awareness
Penetration Testing and Security analyzers • Security systems must be regularly tested for flaws. • These flaws are usually created from bugs in the software programs, or from bad management (i.e. bad passwords) • The process of testing a system is called penetration testing. • The process uses a number of hacking / security programs that test a system for a number of known flaws and provide advice on securing these flaws
Microsoft Baseline Security Analyzer: Tests the systems for known bugs
Additional Security Measures • Encryption/ Decryption • Digital Signatures / PKI • AAA • Security Protocols • Physical Security – The Jaguar Paradigm – The polite Employees paradigm • Security Policy
Questions ? In Accordance Meletis A. Belsis
Ad

Recommended

Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
Savvius, Inc
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
stollen_fusion
 
Hacking and its Defence
Hacking and its DefenceHacking and its Defence
Hacking and its Defence
Greater Noida Institute Of Technology
 
Hack the hack
Hack the hackHack the hack
Hack the hack
Shakti Ranjan
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKS
Shaurya Gogia
 
Denail of Service
Denail of ServiceDenail of Service
Denail of Service
Ramasubbu .P
 
Dos n d dos
Dos n d dosDos n d dos
Dos n d dos
sadhana21297
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
Somyos U.
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
leminhvuong
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
Erdo Deshiant Garnaby
 
Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?
HBServices7
 
Hacking
HackingHacking
Hacking
Anil Shrivastav
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
Dhrumil Panchal
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
chris zlatis
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
Jignesh Patel
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
marada0033
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Professor Lili Saghafi
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
Gaurav Sharma
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
dkp205
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
Sam Bowne
 
Art.unefa.transdigital sybil caballerounefa
Art.unefa.transdigital sybil caballerounefaArt.unefa.transdigital sybil caballerounefa
Art.unefa.transdigital sybil caballerounefa
Sybil Caballero
 
Acerca de groupVision 2014
Acerca de groupVision 2014Acerca de groupVision 2014
Acerca de groupVision 2014
groupVision | optimizing group collaboration
 
Ad

More Related Content

What's hot (20)

Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
Somyos U.
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
leminhvuong
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
Erdo Deshiant Garnaby
 
Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?
HBServices7
 
Hacking
HackingHacking
Hacking
Anil Shrivastav
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
Dhrumil Panchal
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
chris zlatis
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
Jignesh Patel
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
marada0033
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Professor Lili Saghafi
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
Gaurav Sharma
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
dkp205
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
Sam Bowne
 
Assingement on dos ddos
Assingement on dos ddosAssingement on dos ddos
Assingement on dos ddos
kalyan kumar
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
Somyos U.
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Module 9 Dos
Module 9 DosModule 9 Dos
Module 9 Dos
leminhvuong
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
Erdo Deshiant Garnaby
 
Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?Ethical Hacking : Why Do Hackers Attack And How ?
Ethical Hacking : Why Do Hackers Attack And How ?
HBServices7
 
Hacking
HackingHacking
Hacking
Anil Shrivastav
 
Denial of Service Attack
Denial of Service AttackDenial of Service Attack
Denial of Service Attack
Dhrumil Panchal
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
chris zlatis
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
Jignesh Patel
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
marada0033
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOVUnderstanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
Eric Vanderburg
 
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Professor Lili Saghafi
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
Gaurav Sharma
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
Suhail Khan
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
dkp205
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
Sam Bowne
 

Viewers also liked (20)

Art.unefa.transdigital sybil caballerounefa
Art.unefa.transdigital sybil caballerounefaArt.unefa.transdigital sybil caballerounefa
Art.unefa.transdigital sybil caballerounefa
Sybil Caballero
 
Acerca de groupVision 2014
Acerca de groupVision 2014Acerca de groupVision 2014
Acerca de groupVision 2014
groupVision | optimizing group collaboration
 
Para que sirve el dropbox
Para que sirve el dropboxPara que sirve el dropbox
Para que sirve el dropbox
luzexita10
 
RTM (Remember The Milk)
RTM (Remember The Milk)RTM (Remember The Milk)
RTM (Remember The Milk)
倩如 周
 
Mass tourism in historic cities, the role of civil organizations in the case ...
Mass tourism in historic cities, the role of civil organizations in the case ...Mass tourism in historic cities, the role of civil organizations in the case ...
Mass tourism in historic cities, the role of civil organizations in the case ...
Bunt Arquitectura
 
Dossier Curso BIOCIDAS 01-12/13
Dossier Curso BIOCIDAS 01-12/13Dossier Curso BIOCIDAS 01-12/13
Dossier Curso BIOCIDAS 01-12/13
Jaime Sanabria Cansado
 
Muerte en el desvan 2012 13
Muerte en el desvan 2012 13Muerte en el desvan 2012 13
Muerte en el desvan 2012 13
ILLONOYS
 
Mailing List Matters
Mailing List MattersMailing List Matters
Mailing List Matters
click2mail
 
How you can become an Accessibility Superhero
How you can become an Accessibility SuperheroHow you can become an Accessibility Superhero
How you can become an Accessibility Superhero
robzonenet
 
Celebración 20º Aniversario Euriux Abogados
Celebración 20º Aniversario Euriux AbogadosCelebración 20º Aniversario Euriux Abogados
Celebración 20º Aniversario Euriux Abogados
Roberto Cerero Franco
 
Speaking of success
Speaking of successSpeaking of success
Speaking of success
Hasasenah Osama
 
Mario Rosales Descentralización
Mario Rosales DescentralizaciónMario Rosales Descentralización
Mario Rosales Descentralización
Nora Lis Cavuoto
 
14 Iker Casillas
14 Iker Casillas14 Iker Casillas
14 Iker Casillas
ELPABLITOHH
 
Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"
Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"
Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"
PerformanceIN
 
StrategicMaintenance7-28-07
StrategicMaintenance7-28-07StrategicMaintenance7-28-07
StrategicMaintenance7-28-07
Kevin Oswald
 
Claves de la argumentacion
Claves de la argumentacionClaves de la argumentacion
Claves de la argumentacion
Miguel Mosquera
 
1 distena 1 d alberto lopez
1 distena 1 d alberto lopez1 distena 1 d alberto lopez
1 distena 1 d alberto lopez
museocienciaiespedroespinosa
 
Arte pop tr
Arte pop trArte pop tr
Arte pop tr
carolita405
 
our products 8.9
our products 8.9our products 8.9
our products 8.9
Kon Hofstetter
 
Molecular hydrogen biomed-applications-888
Molecular hydrogen biomed-applications-888Molecular hydrogen biomed-applications-888
Molecular hydrogen biomed-applications-888
Morris Johnson
 
Art.unefa.transdigital sybil caballerounefa
Art.unefa.transdigital sybil caballerounefaArt.unefa.transdigital sybil caballerounefa
Art.unefa.transdigital sybil caballerounefa
Sybil Caballero
 
Acerca de groupVision 2014
Acerca de groupVision 2014Acerca de groupVision 2014
Acerca de groupVision 2014
groupVision | optimizing group collaboration
 
Para que sirve el dropbox
Para que sirve el dropboxPara que sirve el dropbox
Para que sirve el dropbox
luzexita10
 
RTM (Remember The Milk)
RTM (Remember The Milk)RTM (Remember The Milk)
RTM (Remember The Milk)
倩如 周
 
Mass tourism in historic cities, the role of civil organizations in the case ...
Mass tourism in historic cities, the role of civil organizations in the case ...Mass tourism in historic cities, the role of civil organizations in the case ...
Mass tourism in historic cities, the role of civil organizations in the case ...
Bunt Arquitectura
 
Dossier Curso BIOCIDAS 01-12/13
Dossier Curso BIOCIDAS 01-12/13Dossier Curso BIOCIDAS 01-12/13
Dossier Curso BIOCIDAS 01-12/13
Jaime Sanabria Cansado
 
Muerte en el desvan 2012 13
Muerte en el desvan 2012 13Muerte en el desvan 2012 13
Muerte en el desvan 2012 13
ILLONOYS
 
Mailing List Matters
Mailing List MattersMailing List Matters
Mailing List Matters
click2mail
 
How you can become an Accessibility Superhero
How you can become an Accessibility SuperheroHow you can become an Accessibility Superhero
How you can become an Accessibility Superhero
robzonenet
 
Celebración 20º Aniversario Euriux Abogados
Celebración 20º Aniversario Euriux AbogadosCelebración 20º Aniversario Euriux Abogados
Celebración 20º Aniversario Euriux Abogados
Roberto Cerero Franco
 
Speaking of success
Speaking of successSpeaking of success
Speaking of success
Hasasenah Osama
 
Mario Rosales Descentralización
Mario Rosales DescentralizaciónMario Rosales Descentralización
Mario Rosales Descentralización
Nora Lis Cavuoto
 
14 Iker Casillas
14 Iker Casillas14 Iker Casillas
14 Iker Casillas
ELPABLITOHH
 
Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"
Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"
Create - Day 1 - 17:00 - "Buy Buttons: Shortening the Path to Conversion"
PerformanceIN
 
StrategicMaintenance7-28-07
StrategicMaintenance7-28-07StrategicMaintenance7-28-07
StrategicMaintenance7-28-07
Kevin Oswald
 
Claves de la argumentacion
Claves de la argumentacionClaves de la argumentacion
Claves de la argumentacion
Miguel Mosquera
 
1 distena 1 d alberto lopez
1 distena 1 d alberto lopez1 distena 1 d alberto lopez
1 distena 1 d alberto lopez
museocienciaiespedroespinosa
 
Arte pop tr
Arte pop trArte pop tr
Arte pop tr
carolita405
 
our products 8.9
our products 8.9our products 8.9
our products 8.9
Kon Hofstetter
 
Molecular hydrogen biomed-applications-888
Molecular hydrogen biomed-applications-888Molecular hydrogen biomed-applications-888
Molecular hydrogen biomed-applications-888
Morris Johnson
 
Ad

Similar to Meletis Belsis - Introduction to information security (20)

Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Complete notes security
Complete notes securityComplete notes security
Complete notes security
Kitkat Emoo
 
Network sec 1
Network sec 1Network sec 1
Network sec 1
Jasleen Kaur
 
hacking lecture 3c.ppt
hacking lecture 3c.ppthacking lecture 3c.ppt
hacking lecture 3c.ppt
peter722626
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
GIRISHKUMARBC1
 
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptxpresentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
AadityaRauniyar1
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
Nishant Pawar
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Security for database administrator to enhance security
Security for database administrator to enhance securitySecurity for database administrator to enhance security
Security for database administrator to enhance security
ssuser20fcbe
 
Security Architectures and Models.pptx
Security Architectures and Models.pptxSecurity Architectures and Models.pptx
Security Architectures and Models.pptx
RushikeshChikane2
 
module 3 of cybersecurity of first year students
module 3 of cybersecurity of first year studentsmodule 3 of cybersecurity of first year students
module 3 of cybersecurity of first year students
MayuraD1
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
Nune SrinivasRao
 
Network Security
Network SecurityNetwork Security
Network Security
VIKAS SINGH BHADOURIA
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptxDOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Ch14 security
Ch14 securityCh14 security
Ch14 security
Welly Dian Astika
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
afaque jaya
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
Harshil Barot
 
Network Security
Network SecurityNetwork Security
Network Security
Mohammed Adam
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
belsis
 
Complete notes security
Complete notes securityComplete notes security
Complete notes security
Kitkat Emoo
 
Network sec 1
Network sec 1Network sec 1
Network sec 1
Jasleen Kaur
 
hacking lecture 3c.ppt
hacking lecture 3c.ppthacking lecture 3c.ppt
hacking lecture 3c.ppt
peter722626
 
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
Cyber Security Module 3.pptx Cybersecurity is the practice of protecting syst...
GIRISHKUMARBC1
 
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptxpresentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
AadityaRauniyar1
 
INFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITYINFORMATION AND CYBER SECURITY
INFORMATION AND CYBER SECURITY
Nishant Pawar
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
Inderjeet Singh
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Sachintha Gunasena
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Security for database administrator to enhance security
Security for database administrator to enhance securitySecurity for database administrator to enhance security
Security for database administrator to enhance security
ssuser20fcbe
 
Security Architectures and Models.pptx
Security Architectures and Models.pptxSecurity Architectures and Models.pptx
Security Architectures and Models.pptx
RushikeshChikane2
 
module 3 of cybersecurity of first year students
module 3 of cybersecurity of first year studentsmodule 3 of cybersecurity of first year students
module 3 of cybersecurity of first year students
MayuraD1
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
Nune SrinivasRao
 
Network Security
Network SecurityNetwork Security
Network Security
VIKAS SINGH BHADOURIA
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptxDOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Ch14 security
Ch14 securityCh14 security
Ch14 security
Welly Dian Astika
 
NETWORK SECURITY
NETWORK SECURITYNETWORK SECURITY
NETWORK SECURITY
afaque jaya
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
Harshil Barot
 
Network Security
Network SecurityNetwork Security
Network Security
Mohammed Adam
 
Ad

More from Meletis Belsis MPhil/MRes/BSc (7)

Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management ModelMeletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis -CSIRTs
Meletis Belsis -CSIRTsMeletis Belsis -CSIRTs
Meletis Belsis -CSIRTs
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and VulnerabilitiesMeletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management ModelMeletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis -CSIRTs
Meletis Belsis -CSIRTsMeletis Belsis -CSIRTs
Meletis Belsis -CSIRTs
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
Meletis Belsis MPhil/MRes/BSc
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
Meletis Belsis MPhil/MRes/BSc
 

Recently uploaded (19)

Determining Glass is mechanical textile
Determining Glass is mechanical textileDetermining Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
Determining Glass is mechanical textile
Determining Glass is mechanical textileDetermining Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 

Meletis Belsis - Introduction to information security

  • 1. What is Security ? Part I Meletis A. Belsis 2003, Athens, Greece Mediterranean College Computer Crime
  • 2. Setting the Scene • Security is one of the oldest problem that governments ,commercial organizations and almost every person has to face • The need of security exists since information became a valuable resource • Introduction of computer systems to business has escalated the security problem even more • The advances in networking and specially in distributed systems made the need for security even greater • The Computer Security Institute report, notes that in year 2003 computer crime costs where increased to more than 450 million dollars in the USA alone.
  • 3. Profiling Adversaries • Adversaries that target corporate system are numerous: • These can be general classified in the following categories: – Hackers – Employees (both malicious and unintentional) – Terrorists groups – Governments – Opposing Industries
  • 4. Security • So now we know that we need security. BUT what is security anyway ? • Many people fail to understand the meaning of the word. • Many corporations install an antivirus software, and/or a firewall and believe they are protected. Are they ?
  • 5. Security through obscurity • Consider some cases : – An internal employee wants to revenge the company and so publishes private corporate information on the NET. – The terrorist attack on the twin towers (in USA) had as a result many corporations to close. Why ? – An employee forgets his laptop into a café. This laptop contains all corporate private information. HOW CAN A FIREWALL PROTECT FROM THE PREVIOUS ?
  • 6. Security: easy to understand, difficult to implement “In the real world, security involves processes. It involves preventive technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. …. ” Bruce Schneier (Secrets and Lies, Wiley and Sons Inc.)
  • 7. Security: easy to understand, difficult to implement • Security contains a number of tools , processes and techniques. • These in general cover three main requirements: – Confidentiality – Integrity – Availability • Depending on the security requirements a system has, one can concentrate only on one of the previous or all of them. • A new requirement enforced by the operation of e-markets is non-repudiation.
  • 8. Security: easy to understand, difficult to implement • Computer Security is difficult to implement due to the following: – The cost of implementing a security system should not exceed the value of the data to be secured. – Industries pay huge amount of money for industrial espionage. – Users feel that security is going to take their freedom away and so often they sabotage the security measures. – Computer prices have fallen dramatically and the number of hackers have been multiplied. – Security managers work under strict money and time schedule. Criminals do not have any time schedule and they do not need any specialised software. – Hackers are often cooperate with known criminals. That is why, total security is almost infeasible.
  • 9. The Art of Hacking Part II Attacking Corporate Systems
  • 10. Information Gathering • The first step to hacking is to gather as much information as possible for the target. • This information is later used to draw a map of the corporate network. • This map is used to define and design an attack methodology as well as identify the needed attack tools. • The extreme case of information gathering is called dumpster diving
  • 11. Information Gathering : Searching the Corporate Web site • Searching the corporate web site for information: – Statements like : “This site is best viewed with Internet Explorer” could uncover that the company uses Microsoft Web Server. – Email Addresses. These are used to identify user names. i.e. [email protected] – Office Locations: Companies with office locations in different countries would probably use a VPN to interconnect. – Company News
  • 12. Information Gathering : Searching the Internet • Searching the WEB can provide valuable information – Using the link directive. i.e. link: www.somecompany.com provides information on the sites that link to the corporate web site. – Searching the greater WEB using the company’s name • Searching public WHOIS databases :Provide information about the domain name of the company. • Searching the ARIN Whois Database: Provide a database with all register IP addresses. • Searching technical forums using either the name of the administrator or the name of the company.
  • 13. Information Gathering :Being Polite….. • When the initial search has finished, it is now time to ASK the network itself. Believe it or not most networks are quite polite. – DNS Interrogation. It can be performed by simple using the nslookup program. – Using the PING command (ICMP Echo ). Can unveil hosts that are connected and are not protected by a firewall. – Using the TraceRoute command we can identify which is the IP of the router that connects the corporate network to the Internet.
  • 15. Information Gathering :Identify Running Services • Having a map of the internet hosts that are accessible from the internet, we must now identify the services that they offer and the operating system that is installed on each host. • Special programs like nmap and superscanner are used to interrogate each port in a host. • Detecting Services – The Scanner tries to open a connection to each port of the target host (By sending Syn messages) . – The open ports that respond show the services that are running. • Detecting the OS – The Scanner sends specific erroneous message to the ports. OS response with different messages.
  • 16. SuperScan: Windows Based Port Scanner
  • 17. Information Gathering :Scanning undetected • Many firewalls can detect these scanning attempts. So scanners use some alternate techniques: – Slow Scanning – Distributed Scanning – Half Open Connection – Fragmented packets – XMAS – FIN – FTP Bounce
  • 18. Password Cracking • Adversaries use two methods to attack passwords. – Brute force: Try all key combination in the password space. – Dictionary: Use a dictionary of known words and try each word along with their combinations. • These attacks can be performed either locally or remotely
  • 20. VIRUSES • Computer Viruses are categorised in: – Normal viruses – Trojan Horses – WORMS • Today there are more than 2,500 virus ready to be downloaded. • A user can get infected by: – Running a program – Opening an email – Visiting a web site (evil Trojan) – Opening a .doc file • Today virus creation and mutation centres can be freely downloaded from the Internet
  • 21. SubSeven: Visual Interface to Control Infected PC
  • 22. Denial of Service Attack (DoS) • The idea behind these attacks is to make the target system unavailable to its authorised users. • Typical attacks include but not limited to : – Ping O’ Death (sending packets of size greater that 65,535) – SYN Flooding Attack (Starting Many half-open connections) – Smurf Attack (sending requests to broadcast address with a spoofed IP address) – Domain Name Server DoS (Requesting DNS quires from multiple DNS Servers with a Spoofed IP
  • 26. Distributed Denial of Service (DDoS) • Hackers have used the distributed power internet offers. • Tools are now perform DoS attack from multiple hosts at the same time. • Examples are: – Tribal Flood Network – TFN2K – Stacheldraft
  • 27. Sniffing • Ethernet provides the ability to run a network card in Promiscuous mode. This allows the card to read any packet travelling on the network. • Sniffing software are using this to read all data transmitted in the local net. • Sniffers can be programmed to steal information associated only with specific protocols or programs. i.e. read all information from http packets only. • Some sniffers can be even programmed to transmit sniffed passwords back to the attacker. • The first and most used sniffer is the TCPDump .
  • 28. SnifferPro: A windows based Sniffer
  • 29. System Flaws and Exploits • Most systems today contain bugs. These are coming either from the system designers, implementers or the ones that manage the system. • Hackers can use these bugs to gain access to systems. • Examples of such are : – Default accounts – Poor User Accounts – Allowing outside anonymous Telnet connections to the Web Server – Allowing trusted connections – Buffer Overflows – Allowing Banners in services – Allowing NetBios over TCP/IP when not needed. • The Internet has a vast amount of software that test a given server for a number of such exploits.
  • 30. Simpsons’: A CGI vulnerability scanner
  • 31. Social Engineering • One of the oldest and easiest form of hacking. <Hacker is calling the administrator >  Hallo I am <<name of an employee>>. My user name <<user name as seen on email address>>. I am new to the company but I forgot my system password <<be very unhappy>> but my manager ask to find him some files. If I tell him that I forgot my password , I am afraid that he is going to fire me. Please help <<be persuasive>>>> <Administrator wants to help a fellow employee> Ok. Do not cry now. That is why we are here for. I am going to reset your password to newpassoword. Just do not forget it again. <Hacker thanks the polite employee>  Oh thank you so much. I am going to buy the coffee when we meet. You are a lifesaver…. (The scenario works even better is the hacker is a female and the administrator is a male.)
  • 32. IP Spoofing • Hackers usually change the IP address in their datagrams. • This happens for two reasons: – To avoid getting caught. – To bypass security tools, and systems that allow trusted connections. • Changing just the IP is called a blind attack, because the hacker never sees the response from the target. • In order to see the response the hacker has a number of ways: – Install a sniffer to the target network. – Use Source Routing – Use ICMP redirect – If both hacker and target are located on the same network use ARP spoofing. – DNS cache Poisoning. • Software programs like A4 proxy allows hackers to use a number of anonymous servers before they attack. Thus their real IP is almost untraceable.
  • 33. A4 Proxy : Using multiple anonymous proxies to hide the IP address
  • 34. The Next Step • So now I am in what am I doing next ?. 1. If you do not already have, try to gain root access. 2. Find and clear Log Files. 3. Install a Root Kit to ensure that you will have access in the future
  • 36. Is it possible ? • Total security is not feasible. • Systems must be secured depending on their value. • Security measures are applied according to the threat level a system has. • The first step is to understand the threats, to your corporate systems. This can be done by a risk analysis process. • In this stage remember that security is a business requirement
  • 37. Creating a DMZ zone • The first security measure is to seal the internal network from the outside world. • This is performed by developing a network called Demilitarized Zone (DMZ). • The DMZ contains all the servers that must be accessible from the outside world • NOTE that we must always assume that servers in the DMZ are going to be hacked at some point.
  • 38. Firewalls • Firewalls exist into types: – Packet filters: Are operating on the protocol level. They use a firewalling policy to allow the packet to pass or to drop the packet. – Proxy Servers: They operate at the application level. They are always located between the user requests and the servers response. Thus allowing us to enforce policies on which users can access the internet and on which port. • Packet Filters are usually located on the router, while Proxies are installed on computers • A network may use any number of the previous depending its size and architecture. • Known Firewalls are Checkpoint’s Firewall-1, Cisco PIX, Microsoft’s ISA.
  • 39. Intrusion Detection Systems (IDS) • Intrusion detection systems are used to detect attacks to the network and inform the administrator. • IDS are organised into two categories : – Signature based : They hold a database of known attacks and they test packets against the data stored in the database. – Anomaly based: They test the traffic against anomalies. I.e. why does the network has so heavy traffic at 2 in the morning ? • When the IDS detects an attack it inform the administrator with a number of ways : email, sms, pager
  • 40. Honey Pots • These are the sacrificed lamps of a network. • Honey pots are software programs that when installed on a computer they can simulate a number of systems i.e.: • Windows NT Server. • Unix Server. • Apache Server • Microsoft Exchange Server • These simulated systems look unprotected from the outside world (i.e. open ports, default accounts, known exploits. • Hackers scanning for victims detect the simulated systems and try to hack them. The honey pots allow hackers to enter but record all their moves and inform the administrator. • Honey pots can be installed either in the DMZ or in the local network.
  • 41. Anti sniffing • The general idea is to make the sniffing host reply to a message that he should not be able to listen. – For example creating a packet with a fake MAC address but with the IP address of the sniffing host. If the host acknowledges the packet the it is in promiscuous mode. • Another way is to transmit unencrypted login details for a fake (honey pot) server to the network. If someone tries to use this account then someone is sniffing the network. • NOTE that using switches instead of hubs will make a sniffers life much more difficult.
  • 42. L0pht Antisniff : A windows based program to detect sniffers
  • 43. Antivirus • Antivirus programs are known to most users. • Such programs can be applied either as – Standalone : Each copy of the program is responsible of protecting the specific host on which it is installed. – Network based : Each copy of the program is responsible of protecting the specific host, but they are all managed by a Antivirus Server. • Note that using an antivirus program without updating its virus database does not provide protection
  • 44. Security Awareness • No matter what security tools are going to be used, if users do not know about security, hacks are going to be common. • There are many ways to educate users on the issues of security: – Use of seminars – Use of posters – Use of e-mail messages – Enforce penalties
  • 46. Penetration Testing and Security analyzers • Security systems must be regularly tested for flaws. • These flaws are usually created from bugs in the software programs, or from bad management (i.e. bad passwords) • The process of testing a system is called penetration testing. • The process uses a number of hacking / security programs that test a system for a number of known flaws and provide advice on securing these flaws
  • 47. Microsoft Baseline Security Analyzer: Tests the systems for known bugs
  • 48. Additional Security Measures • Encryption/ Decryption • Digital Signatures / PKI • AAA • Security Protocols • Physical Security – The Jaguar Paradigm – The polite Employees paradigm • Security Policy