Chapter 10.0 - Cyber Security

The document discusses network security, focusing on cyber crime, its categorization, and types such as hacking and denial of service attacks. It outlines methods for assessing network security, including footprinting and various scanning techniques, while emphasizing the importance of protective measures like antivirus software and firewalls. Additionally, it highlights the need for risk assessment and management strategies to mitigate potential cyber threats.
04/11/2022

Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE

● Understand the network security

● Crime committed using a computer and the internet to steal data or information.
Illegal imports.
Malicious programs

● Categorization of cyber crime
• The computer as a target
• The computer as a weapon

● Types of cyber crime
• Hacking
• Denial of service attack
• Virus Dissemination
• Computer Vandalism
• Cyber Violence
• Software Piracy

● Fields

● SirCam: 2.3 million computers affected
–Clean-up: $460 million
–Lost productivity: $757 million
● Code Red: 1 million computers affected
–Clean-up: $1.1 billion
–Lost productivity: $1.5 billion
● Love Bug: 50 variants, 40 million computers affected
–$8.7 billion for clean-up and lost productivity
● Nimda

Nimda (note the garbage in the subject)

Sircam (note the “personal” text)

Both emails have executable attachments with the virus payload.

● Trojan Horse arrives via email or software like free games.
● Trojan Horse is activated when the software or attachment is executed.
● Trojan Horse releases virus, monitors computer activity, installs backdoor, or transmits information to hacker.

● A hacker compromises a system and uses that system to attack the target computer, flooding it with more requests for services than the target can handle.
● Hundreds of computers (known as zombies) are compromised, loaded with DoS attack software and then remotely activated by the hacker.

• Sending out e-mail messages in bulk. It’s electronic “junk mail.”
• Spamming can leave the information system vulnerable to overload.
• Less destructive, used extensively for e-marketing purposes.

• Use antivirus software.
• Insert firewalls.
• Uninstall unnecessary software.
• Maintain backup.
• Check security settings.
• Stay anonymous - choose a genderless screen name.
• Never give your full name or address to strangers.
• Learn more about Internet privacy.

● Network security assessment (goal):
o To identify and categorize your risks.
o It is an integral part of any security life cycle.
o To understand the security techniques of the network, and to execute security policy and incident response procedures.
o To protect networks and data from determined attacks.

Footprinting
o whois
o dig
o traceroute
o nslookup

Scanning Networks
o Nmap
o Nessus
o Commercial Network
o Web Application Testing

Report
● Footprinting generally needs the following steps to ensure proper information retrieval:

1. Collect information about a target: host and network

2. Determine the OS of web server and web application data.

3. Query such as Whois, DNS, network, and organizational

4. Locate existing or potential vulnerabilities or exploits that exist in the current infrastructure
=> helpful for launching later attacks.

● Whois
● NSLookup
● Search engines
● Social Networking Site
● ARIN
● Neo Trace
● VisualRoute Trace
● SmartWhois
● eMailTrackerPro
● Website watcher
● Google Earth
● GEO Spider
● HTTrack Web Copier
● E-mail Spider

● To detect the live systems running on the network
● To discover which ports are active/running
● To discover the operating system running on the target system (fingerprinting)
● To discover the services running/listening on the target system
● To discover the IP address of the target system

● Port Scanning
o A series of messages sent by someone attempting to break into a computer to learn about the computer’s network services

● Network Scanning
o A procedure for identifying active hosts on a network

● Vulnerability Scanning
o The automated process of proactively identifying vulnerabilities of computing systems present in a network

● Some common ways to perform these types of scans are:
■ Pinging (ICMP Scanning)
■ Port scanning

● Find out which hosts are up in a network by pinging them all
● It can be run in parallel so that it runs fast
● It can also be helpful to tweak the ping timeout value with the -t option
● Tools:
o Ping <target> [option]
o Angry IP: for Windows
o Hping2
o Ping Sweep

● Three Way Handshake, TCP flags
● Types of Scans
o Full Open Scan
o Stealth Scan, or Half-open Scan
o Xmas Tree Scan
o FIN Scan
o NULL Scan
o ACK Scanning
o UDP Scanning

● The systems involved initiated and completed the three-way handshake.
● Advantage:
o You have positive feedback that the host is up and the connection is complete.
● Downside (disadvantage):
o Since you complete the three-way handshake, you have confirmed that you, as the scanning party, are there.

● It does not open a full TCP connection
● The key advantage is that fewer sites log this scan

● Having all the flags set creates an illogical or illegal combination, and the receiving system has to determine what to do:
o Drop (old sys)
o Respond: port is open
o RST packet: port is closed
● Nmap: nmap -sX -v <target IP>

● The attacker sends frames to the victim with the FIN flag set.
● The victim’s response depends on whether the port is open or closed:
o If a FIN is sent to an open port, there is no response,
o but if the port is closed, the victim returns an RST.

● Nmap: nmap -sF <target IP address>

● The attacker sends frames to the victim with no flag set.
● The victim’s response depends on whether the port is open or closed:
o If a frame with no flags is sent to an open port, there is no response,
o if the port is closed, the victim returns an RST.

● Nmap: nmap -sN <target IP address>

● Nmap
● IPSec
● NetScan
● SuperScan
● IPScanner
● MegaPing
● Global Network Inventory Scanner
● Net Tools Suite Pack
● Floppy Scan

● Some of the scan methods used by Nmap:
o Xmas tree: The attacker checks for TCP services by sending "Xmas-tree" packets
o SYN Stealth: It is referred to as "half open" scanning, as a full TCP connection is not opened
o Null Scan: It’s an advanced scan that may be able to pass through firewalls unmolested
o Window scan: It is similar to the ACK scan and can also detect open ports
o ACK Scan: Used to map out firewall rule set
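
From the defender's side, the FIN, NULL and Xmas scans described above stand out in a capture because their flag combinations never occur in normal TCP traffic, and the RST-or-silence rule tells you what the scanner was able to learn. The following is an added example, not part of the original slides; the packet tuple layout, function names and sample capture are assumptions made for illustration, and the Xmas check keys on FIN+PSH+URG, the combination Nmap's -sX sends.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Return the scan type a segment's TCP flags imply, or None for ordinary traffic."""
    flags &= 0x3F                                   # ignore the ECE/CWR bits
    if flags == 0:
        return "null"                               # no flag set
    if flags == FIN:
        return "fin"                                # FIN alone, outside any connection
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "xmas"                               # FIN+PSH+URG lit, up to all six flags
    return None

def summarize_scans(packets, min_ports=3):
    """Map (scanner, target, scan type) -> {port: state the scanner could infer},
    reported only when at least min_ports distinct ports were probed."""
    probes = defaultdict(dict)
    resets = set()
    for src, dst, sport, dport, flags in packets:
        kind = classify_probe(flags)
        if kind:
            probes[(src, dst, kind)][dport] = "open|filtered"   # silence unless an RST is seen
        elif flags & RST:
            resets.add((dst, src, sport))           # (scanner, target, port that sent RST)
    report = {}
    for (src, dst, kind), ports in probes.items():
        if len(ports) >= min_ports:
            report[(src, dst, kind)] = {
                p: "closed" if (src, dst, p) in resets else state
                for p, state in sorted(ports.items())}
    return report

# Constructed capture: (src, dst, sport, dport, flags); documentation-range addresses.
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", 40000, 22, FIN),
    ("198.51.100.7", "192.0.2.10", 40000, 23, FIN),
    ("192.0.2.10", "198.51.100.7", 23, 40000, RST | ACK),        # closed port answers
    ("198.51.100.7", "192.0.2.10", 40000, 80, FIN),
    ("198.51.100.8", "192.0.2.10", 40001, 25, FIN | PSH | URG),  # one port: below threshold
    ("198.51.100.9", "192.0.2.10", 51000, 443, SYN),             # ordinary client traffic
    ("198.51.100.9", "192.0.2.10", 51000, 443, ACK),
    ("198.51.100.9", "192.0.2.10", 51000, 443, FIN | ACK),
]

if __name__ == "__main__":
    for key, ports in summarize_scans(SAMPLE).items():
        print(key, ports)
```

A port reported as "open|filtered" means only that no RST was seen; a firewall that drops the probe looks the same as an open port.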

● -sT (TcpConnect)
● -sS (SYN scan)
● -sF (Fin Scan)
● -sX (Xmas Scan)
● -sN (Null Scan)
● -sP (Ping Scan)
● -sU (UDP scans)
● -sO (Protocol Scan)
● -sI (Idle Scan)
● -sA (Ack Scan)
● -sW (Window Scan)

● -sR (RPC scan)
● -sL (List/Dns Scan)
● -P0 (don’t ping)
● -PT (TCP ping)
● -PS (SYN ping)
● -PI (ICMP ping)
● -PB (= PT + PI)
● -PP (ICMP timestamp)
● -PM (ICMP netmask)

● What needs to be secured?
● Who is responsible for it?
● What technical/non-technical controls should be deployed?
● How are people supported to do what they need to do?
● What if something goes wrong?
● Response and recovery
● Accountability and consequences

● What Needs to be Secured?
● Hardware, software and services
• Servers, routers, switches, laptops and mobile devices
• OS, databases, services and applications
• Data stored in databases or files
● From whom?
● Remote hackers?
● Insiders?

● Identity and access management (IAM)
● Credentialing, account creation and deletion
● Password policies
● Network and host defenses
● Firewalls, IDS, IPS
● Anti-virus
● VPN and BYOD
● Vulnerability patching
● User awareness and education
● Phishing attack awareness (Phishme)

● High level articulation of security objectives and goals
● Legal, business or regulatory rationale
● Do’s and don’ts for users
–Password length
–Web and email policies
–Response to security events
● Address prevention, detection, response and remediation as it concerns/impacts users

● Investments in cyber security are driven by risk and how certain controls may reduce it

● Some risk will always remain

● How can risk be assessed?

Risk exposure = Prob. [adverse security event] * Impact [adverse event]

Risk leverage > 1 for the control to make sense
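
A worked example, added here and not part of the original slides. The slide does not define risk leverage; the usual definition is assumed, and all figures are constructed for illustration:

Risk leverage = (Risk exposure before control - Risk exposure after control) / Cost of control

Before the control: Prob. = 0.20 per year, Impact = $500,000
Risk exposure before = 0.20 * $500,000 = $100,000

The control lowers Prob. to 0.05 per year:
Risk exposure after = 0.05 * $500,000 = $25,000

If the control costs $30,000 per year:
Risk leverage = ($100,000 - $25,000) / $30,000 = 2.5 > 1, so the control makes sense.

If the same control costs $90,000 per year:
Risk leverage = $75,000 / $90,000 ≈ 0.83 < 1, so it costs more than the risk it removes.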

How do we assess and reduce cyber risk?

● Impact
● Expected loss (reputational, recovery and response, legal, loss of business etc.)
● Risk management
● Accept, transfer (insurance) and reduce
● Reduction via technology solutions, education and awareness training

● Prepare a small LAN: 1 server, 1 workstation
● Install and configure tools to assess network security
o Footprinting
o Scan ports using Nmap
