Saturday, December 8, 2012

Network Protection Systems – Chapter 13

This chapter is all about network protection systems, with a focus on several key elements such as routers, firewalls, web filtering and honeypots. The first section begins with routers, explains protocols and basic hardware, and then takes a closer look at Cisco routers. A strong point made was that routers are used as network protection devices. They can serve this role because they have components similar to a computer's, such as the following:

  • Random access memory (RAM) – This component holds the router's running configuration, routing tables, and buffers. If you turn off the router, the contents stored in RAM are erased. Any changes you make to a router's configuration, such as changing the prompt displayed, are stored in RAM and aren't permanent unless you save the configuration.
  • Nonvolatile RAM (NVRAM) – This component holds the router's configuration file, and the information isn't lost if the router is turned off.
  • Flash memory – This component holds the IOS the router is using. It's rewritable memory, so you can upgrade the IOS if Cisco releases a new version or the current IOS version becomes corrupted.
  • Read-only memory (ROM) – This component contains a minimal version of Cisco's IOS that's used to boot the router if flash memory gets corrupted. You can boot the router and then correct any problems with the IOS, possibly installing a new, uncorrupted version.
  • Interfaces – These components are the hardware connectivity points to the router and the components you're most concerned with. An Ethernet port, for example, is an interface that connects to a LAN and can be configured to restrict traffic from a specific IP address, subnet, or network.
A firewall is an important part of network protection. It serves two main purposes: controlling traffic entering an internal network and controlling traffic leaving an internal network. There are both hardware and software firewalls, and each has its own advantages and disadvantages. The security tester must pay close attention to this aspect of network protection.
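To make the two purposes concrete, here is an added example (not code from the chapter or from any Cisco product) of how a packet filter decides what may enter and what may leave. The internal network 192.168.10.0/24, the web server at 192.168.10.5, the "known bad" range 203.0.113.0/24 and all sample packets are constructed assumptions; the matching semantics (rules checked in order, first match wins, anything unmatched is dropped) are the ones an interface access list on a router applies.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    direction: str          # "in": entering the internal network, "out": leaving it
    src: str                # network (CIDR) the source address must belong to
    dst: str                # network (CIDR) the destination address must belong to
    dport: Optional[int]    # destination port; None matches any port
    action: str             # "permit" or "deny"

@dataclass
class Packet:
    direction: str
    src: str
    dst: str
    dport: int

# Constructed policy for an assumed internal network 192.168.10.0/24 with a
# public web server at 192.168.10.5 (documentation address ranges throughout).
RULES: List[Rule] = [
    # Ingress: block a constructed "known bad" range before anything is let in
    Rule("in",  "203.0.113.0/24",  "192.168.10.0/24", None, "deny"),
    # Ingress: anyone may reach the web server, but only on HTTPS
    Rule("in",  "0.0.0.0/0",       "192.168.10.5/32", 443,  "permit"),
    # Egress: internal hosts may only go out for DNS, HTTP and HTTPS
    Rule("out", "192.168.10.0/24", "0.0.0.0/0",       53,   "permit"),
    Rule("out", "192.168.10.0/24", "0.0.0.0/0",       80,   "permit"),
    Rule("out", "192.168.10.0/24", "0.0.0.0/0",       443,  "permit"),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when the packet satisfies every field of the rule."""
    if rule.direction != pkt.direction:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is dropped (implicit deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    samples = [
        Packet("in",  "198.51.100.7",  "192.168.10.5",  443),  # web visitor
        Packet("in",  "198.51.100.7",  "192.168.10.5",  22),   # SSH from outside
        Packet("in",  "203.0.113.9",   "192.168.10.5",  443),  # blocked range
        Packet("out", "192.168.10.20", "198.51.100.53", 53),   # DNS lookup
        Packet("out", "192.168.10.20", "198.51.100.25", 25),   # direct outbound SMTP
    ]
    for p in samples:
        print(f"{p.direction:>3} {p.src:>14} -> {p.dst}:{p.dport:<4} {evaluate(RULES, p)}")
```

Rule order matters: the deny for 203.0.113.0/24 is listed before the general permit to the web server, so a host in that range is refused even on port 443. The egress rules are what stop an infected internal host from, for example, sending mail directly to the Internet on port 25.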

A honeypot is a computer on the network perimeter that contains information or data intended to lure or trap hackers. Its purpose is to distract hackers from getting at legitimate data. Another objective of the honeypot is to hold the hackers' attention on the phony computer long enough for them to be traced and turned over to law enforcement. A good website for more information about honeypots is www.honeynet.org.

The chapter presented a lot of good material that will certainly help in protecting a network system. There were many helpful websites as well as charts and diagrams. 

Saturday, November 24, 2012

Cryptography – Chapter 12

This chapter is all about cryptography, which is the process of converting plaintext (readable) into ciphertext (unreadable). This process has been around for centuries. The text goes through a brief chronological sequence of the high points as cryptography evolved. It is important to understand symmetric and asymmetric algorithms. A symmetric algorithm uses one mathematical key to encrypt and to decrypt, whereas an asymmetric algorithm uses two mathematical keys, one to encrypt and the other to decrypt. The book has several pages on understanding cryptography attacks and some possible safeguards to help thwart attackers.
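The one-key versus two-key distinction is easiest to see in code. The following is an added example, not from the textbook: a repeating-key XOR stands in for a symmetric cipher (the same key and the same function both encrypt and decrypt), and textbook RSA with tiny primes stands in for an asymmetric one (the public key encrypts, only the private key decrypts). The primes 61 and 53, exponent 17 and the message 65 are assumed toy values chosen so the arithmetic can be followed by hand; neither routine is fit for real use.

```python
def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Symmetric toy cipher: repeating-key XOR. The same key and the same
    function both encrypt and decrypt; it only illustrates the one-key property."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Asymmetric: textbook RSA with tiny (assumed, insecure) primes so the
    arithmetic stays visible. Returns (public_key, private_key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def rsa_encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)

def demo() -> dict:
    """Run both schemes on constructed inputs and report what each key can do."""
    # Symmetric: both parties hold the same key.
    shared_key = b"k3y"
    ciphertext = xor_crypt(b"attack at dawn", shared_key)
    sym_ok = xor_crypt(ciphertext, shared_key) == b"attack at dawn"
    wrong_key_fails = xor_crypt(ciphertext, b"k3x") != b"attack at dawn"

    # Asymmetric: the receiver publishes (n, e) and keeps (n, d) secret.
    public_key, private_key = rsa_keypair()
    c = rsa_encrypt(65, public_key)
    asym_ok = rsa_decrypt(c, private_key) == 65
    # Applying the public exponent again does not undo the encryption.
    public_cannot_decrypt = pow(c, public_key[1], public_key[0]) != 65
    return {
        "symmetric_roundtrip": sym_ok,
        "wrong_key_fails": wrong_key_fails,
        "asymmetric_roundtrip": asym_ok,
        "public_key_cannot_decrypt": public_cannot_decrypt,
        "rsa_ciphertext": c,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical consequence is the key-distribution problem the chapter's safeguards revolve around: with the symmetric scheme the one key has to reach the other party secretly, while with the asymmetric scheme the encrypting key can be published and only the decrypting key needs protecting.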

The chapter goes into much detail about protecting data as it travels a network. It provides the security professional with many tools as well as areas to be concerned about. I found the chapter to be very informative, along with much insight.

Hacking Wireless Networks – Chapter 11


This chapter is a synopsis of wireless technology and network standards. It also covers some tools attackers use to gain access to wireless networks. The text begins by explaining the fundamentals of wireless technology and its components. As complex as it may seem, there are a few basic elements:
  • Wireless network interface cards (WNICs), which transmit and receive wireless signals, and access points (APs), which are the bridge between wired and wireless networks.
  • Wireless networking protocols such as Wi-Fi Protected Access (WPA).
  • A portion of the RF spectrum, which replaces wire as the connection medium.

The next few sections cover the following wireless network standards:
  • 802.11 standard
  • Basic architecture of 802.11
  • IEEE 802.11 standards
  • 802.1x standard
  • 802.15 standard
  • 802.16

User authentication is important and is usually used in combination with wireless encryption standards to ensure that access to a wireless local area network (WLAN) is authorized.

Hacking a wireless network isn't much different from hacking a wired local area network. Virtually the same port-scanning and enumeration tools that are used on wired networks can be used on wireless networks.

I found this chapter to be a good resource for wireless network connectivity. It walked you through the various parts of the system, how wireless networks work, and even how to safeguard your system. It was also interesting to note the various potential assaults attackers use to gain access to one’s computer. 

Friday, November 23, 2012

Hacking Web Servers – Chapter 10


Web applications are computer programs allowing website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. The data is then presented to the user within their browser as information is generated dynamically (in a specific format, e.g. in HTML using CSS) by the web application through a web server. Web browsers are software applications that allow users to retrieve data and interact with content located on web pages within a website.

Most importantly, modern web sites allow the capture, processing, storage and transmission of sensitive customer data (e.g., personal details, credit card numbers, social security information, etc.) for immediate and recurrent use. And, this is done through web applications. Such features as webmail, login pages, support and product request forms, shopping carts and content management systems, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These are all common examples of web applications.

Common Gateway Interface (CGI) is another standard for moving data between a Web server and a Web browser. It accomplishes this through scripting languages such as Perl to create dynamic web pages.

The critical part is for the security tester to understand the vulnerabilities of Web applications. Security professionals need to assess the system and examine potential methods for attacking it. When conducting security tests on Web applications, determine whether dynamic web pages were used, whether the web application connects to a back-end database, whether a separate server is used for authenticating users, and what platform was used to develop the Web application.

Many tools are available for testing Web application vulnerabilities, such as Wfetch and Wapiti. Also, the Open Web Application Security Project offers open-source software to help security professionals learn about Web application vulnerabilities.

Embedded Operating Systems – Chapter 9


What is an embedded operating system? It is a special-purpose computer system that is completely encapsulated by the device it controls. An embedded system has specific requirements and performs pre-defined tasks, unlike a general-purpose personal computer. One type of specialized embedded OS is a real-time operating system (RTOS). This is typically used in devices such as appliance controls, programmable thermostats, and even pacemakers.

There is a plethora of other proprietary embedded operating systems, such as VxWorks developed by Wind River Systems, Windows from Microsoft, and QNX from QNX. The *NIX embedded operating system is an example of a monolithic OS used in a multitude of industrial, medical, and consumer items.

Today hackers want more than notoriety; they are looking for monetary gain, and so for ways to exploit embedded operating systems for personal profit. For reasons of efficiency and economy, connecting embedded systems to a network has its advantages. However, a security tester will need to address:
  • Which Peripheral Component Interconnect (PCI) devices are present?
  • Where were they manufactured? Is this supply chain trustworthy?
  • Which embedded OS is currently loaded on the device?
  • Can you make sure the embedded OS hasn't been corrupted or subverted with malicious code?
  • Which devices have embedded OSs stored in rewritable memory?

Supervisory Control and Data Acquisition (SCADA) systems are used for equipment monitoring in large industries, such as public works and utilities, power generators and dams, transportation systems, manufacturing, and anywhere automation is critical. The protection of SCADA systems is a life-or-death proposition. For this reason SCADA systems are usually separated from the Internet by an air gap. This measure helps minimize the potential vulnerabilities.

In an effort to fight off attacks, a security professional should be aware of all embedded systems, upgrade or replace embedded systems that can't be fixed or pose an unacceptable risk, stay on top of patching, follow the principle of least privilege, and restrict access to thwart attackers.

Sunday, October 28, 2012

Desktop and Server OS Vulnerabilities – Chapter 8


This chapter speaks to vulnerabilities in Windows and Linux operating systems. As a security tester, it is vital to be able to identify potential security problems and correct such weaknesses. A good website for determining vulnerabilities for any operating system is www.cve.mitre.org. This site can also be used to test a Windows computer and make sure it has current updates as well as patches. The following areas are potential locations for a security breach:

  • Windows file systems
  • File Allocation Table
  • NTFS (New Technology File System)
  • Remote Procedure Call
  • NetBIOS
  • Server Message Block
  • Common Internet File System
  • Null sessions
  • Web services
  • SQL Server
  • Buffer overflows
  • Passwords and authentication

Some tools to help find vulnerabilities are eEye Retina, Tenable Nessus, QualysGuard, GFI LANguard, IBM Internet Scanner, and OpenVAS. All of these scanners can be used on both Linux and Windows operating systems.

However, built into Windows is MBSA (Microsoft Baseline Security Analyzer), which has the capability of checking for patches, security updates, service packs, and hotfixes. It can also address the concern right away.

The following list gives ways to help make your computer more secure:
  • Patching systems
  • Antivirus solutions
  • Enable logging and review logs regularly
  • Disable unused ports and filter ports
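"Enable logging and review logs regularly" only pays off if the review actually looks for something. As an added example (not from the chapter), the script below reviews a handful of constructed logon records for the pattern the "Passwords and Authentication" item warns about: a burst of failed logons from one source against one account, followed by a success. The log lines are an invented one-line format, not real Windows event text; the event IDs 4625 (failed logon) and 4624 (successful logon) are the real Windows Security log IDs. The threshold of five failures in sixty seconds is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a simplified one-line format (not real Windows event
# text). Event ID 4625 is the Windows "failed logon" event, 4624 a successful one.
SAMPLE_LOG = """\
2012-10-28 09:10:11 EventID=4625 Account=bjones Source=10.0.0.22 Status=bad_password
2012-10-28 09:14:02 EventID=4625 Account=jsmith Source=10.0.0.15 Status=bad_password
2012-10-28 09:14:09 EventID=4625 Account=jsmith Source=10.0.0.15 Status=bad_password
2012-10-28 09:14:15 EventID=4625 Account=jsmith Source=10.0.0.15 Status=bad_password
2012-10-28 09:14:21 EventID=4625 Account=jsmith Source=10.0.0.15 Status=bad_password
2012-10-28 09:14:28 EventID=4625 Account=jsmith Source=10.0.0.15 Status=bad_password
2012-10-28 09:14:40 EventID=4625 Account=jsmith Source=10.0.0.15 Status=bad_password
2012-10-28 09:15:03 EventID=4624 Account=jsmith Source=10.0.0.15 Status=success
2012-10-28 09:30:45 EventID=4625 Account=bjones Source=10.0.0.22 Status=bad_password
this line is malformed and must be skipped rather than crash the review
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) EventID=(?P<eid>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)"
)

def parse_events(text):
    """Yield (timestamp, event_id, account, source) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   int(m["eid"]), m["acct"], m["src"])

def flag_failed_logon_bursts(text, threshold=5, window_seconds=60):
    """Return {(account, source): count} for each pair with at least `threshold`
    failed logons inside some `window_seconds` span (sliding window)."""
    failures = defaultdict(list)
    for ts, eid, acct, src in parse_events(text):
        if eid == 4625:
            failures[(acct, src)].append(ts)
    flagged = {}
    for key, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged

def success_after_burst(text, flagged):
    """Among flagged pairs, list those that logged on successfully after their
    last failure: the case that most needs a human to look at it."""
    last_failure = {}
    hits = []
    for ts, eid, acct, src in parse_events(text):
        key = (acct, src)
        if key not in flagged:
            continue
        if eid == 4625:
            last_failure[key] = max(last_failure.get(key, ts), ts)
        elif eid == 4624 and key in last_failure and ts > last_failure[key]:
            hits.append((acct, src, ts.isoformat()))
    return hits

if __name__ == "__main__":
    bursts = flag_failed_logon_bursts(SAMPLE_LOG)
    print("bursts:", bursts)
    print("success after burst:", success_after_burst(SAMPLE_LOG, bursts))
```

On the sample data only jsmith from 10.0.0.15 crosses the threshold, and the same pair then logs on successfully, which is exactly the record a reviewer should not scroll past.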

The chapter continues with Linux operating system vulnerabilities and tools to identify these issues. There are several lab activities throughout the chapter which give you some hands-on experience.

Tuesday, October 9, 2012

Programming for Security Professionals – Chapter 7


This chapter is an introduction to programming for the security professional. It is an overview of C, HTML, and Perl programming. It begins with some basics about branching, looping, and testing. Branching takes you from one area of a program to another. Looping is the act of performing a task over and over. The loop usually completes after a test is conducted on a variable and returns a value of true or false.

The most popular programming language is C. When writing an algorithm it is critical to have clear program code documentation. The text has several charts giving descriptions of each of the following topics: compilers, characters, variable types, specifiers, and operators. Security professionals should have a basic understanding of Perl and C because many security tools are written in these languages. With this knowledge a security professional could modify the security tools and construct their own customized programs.

The chapter concludes by reviewing object-oriented programming concepts along with an overview of Ruby. Again there are some charts listing the functions and their descriptions. Overall the chapter provided some insights on the fundamentals of programming and it was not overwhelming.

Thursday, October 4, 2012

Enumeration – Chapter 6

Enumeration is all about taking port scanning to the next level. In this chapter we learned some basics about various operating systems and the tools for enumerating them. We were introduced to the NBTscan tool and to enumerating Windows operating systems. The chart below describes the Windows operating systems.

The Network Basic Input Output System (NetBIOS) is a Windows programming interface that allows computers to communicate across a local area network. NetBIOS is important to understand because hackers often exert more effort to attack computers identified as domain controllers, since these systems store more data. The chapter goes on to explain NetBIOS null sessions and enumeration tools, and further discusses such tools as DumpSec, Nessus, OpenVAS, and Hyena.

The text gives a brief overview of the NetWare operating system, highlighting the key points from each of the five listed below.

The chapter closes with enumerating *nix operating systems and UNIX enumeration.

Wednesday, September 26, 2012

Port Scanning – Chapter 5


This chapter is all about port scanning and some of the various tools available to security testers. Port scanning is a method of detecting which services a host computer offers. Listed below are some of the types of port scans.

  • SYN scan - Stealthy scan
  • Connect scan - Completes three-way handshake
  • NULL scan - Packet flags are turned off
  • XMAS scan - FIN, PSH and URG flags are set
  • ACK scan - Used to get past a firewall
  • FIN scan - Closed port responds with an RST packet
  • UDP scan - Closed port responds with ICMP “Port Unreachable” message

Some of the port scanning tools are:

  • Nmap – Currently the standard port-scanning tool for security testers. You are able to customize Nmap with different commands.
  • Unicornscan – Used primarily on large networks. This product is considered an all-in-one tool.
  • Nessus – No longer under the GPL license.
  • OpenVAS – Performs complex queries while the client interfaces with the server. Capable of updating security-check plug-ins.

Ping sweeps are done to identify which IP addresses belong to active hosts. Fping can ping multiple IP addresses at the same time; its input file is typically created with a shell script. Hping is often used to bypass filtering devices, and this tool offers an abundance of features for advanced port scanning.

The end of the chapter discusses scripting and the importance of being able to customize programs, which can save both time and money. Shown below are some of the basic commands.



Thursday, September 20, 2012

Footprinting and Social Engineering – Chapter 4

Footprinting is the process of finding information on a company's network. An important point is that footprinting is passive or nonintrusive, so it is not breaking the law. The sites listed below are available tools for footprinting.


Competitive intelligence is discovering as much as possible about a business in a legal manner. As a security professional, one needs to have a good understanding of what competitors are seeking and be able to communicate this to the client.

Network attackers often discover critical data about a business in various ways. They analyze company web sites, use HTTP basics, and in some cases use e-mail addresses that are listed in DNS output. Some other techniques are detecting cookies and web bugs and using Domain Name System (DNS) zone transfers, all explained in the chapter.

Social engineering has been around for a long time; it is the skill of using knowledge of human nature to get information from people. Several different techniques are used: urgency, quid pro quo, status quo, kindness, and position. Two other methods that play off of social engineering are phishing and spear phishing. Both send e-mail requesting information. With phishing the individual does not know the sender, whereas with spear phishing the recipient potentially knows the sender. These approaches can be very effective in obtaining all kinds of data regarding a company's network.

The arts of shoulder surfing, dumpster diving, and piggybacking are somewhat more aggressive in their approach to gaining information about a business. Shoulder surfing is basically looking over someone's shoulder and watching what they are typing. Piggybacking is following somebody into an unauthorized area, again with the intent of securing guarded information. Dumpster diving is just what it states: rummaging through the refuse to find pertinent data about a business.

The security professional must have the wherewithal to stop these potential vulnerabilities from being exploited and jeopardizing his client's security.

Sunday, September 16, 2012

Network and Computer Attacks – Chapter 3


As the title indicates, this chapter was all about intruders attacking computer systems and network infrastructure. These assaults can come from both insiders and outsiders. In some situations, protecting both the network and workstations might be as simple as ensuring that proper precautions have been taken to secure their locations and that proper identification is presented when requested.

The chapter begins by describing malicious software. Malware is software used with the intent of corrupting or destroying data. Some of the types of malware are worms, viruses, and Trojan programs, which are all explained in greater detail.

Spyware and adware are similar in that both programs can be installed without users being aware of their presence. The purpose of placing spyware on someone's computer is to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get into a computer as a software virus or as the result of installing a new program. However, programs that collect data with the user's knowledge are not technically spyware. Such software is called adware and is designed to track and report user information to advertisers or other interested parties.

It goes on to explain denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, addressing physical security, and keyloggers. The chapter covered potential ways to breach both computers and the network that an ethical hacker needs to be able to identify and stop.

Thursday, September 6, 2012

TCP/IP Concepts Review – Chapter 2


This chapter was an overview of networking concepts with a focus on Transmission Control Protocol/Internet Protocol (TCP/IP). It concluded by reviewing the following number systems: binary, octal, and hexadecimal. Within this section, 'nibbles' were discussed with an emphasis on converting binary to decimal.

The section began by discussing protocols, and specifically TCP/IP. It noted that TCP/IP is the most widely used protocol. It continued with the four layers, application, transport, internet, and network, giving a brief description of each one.

The chapter covers the six TCP segment flags, which are:

  • SYN flag: The synchronize flag signifies the beginning of a session.
  • ACK flag: The acknowledgment flag acknowledges a connection and is sent by a host after receiving a SYN-ACK packet.
  • PSH flag: The push flag is used to deliver data directly to an application. Data isn't buffered; it's sent immediately.
  • URG flag: This flag is used to signify urgent data.
  • RST flag: The reset flag resets or drops a connection.
  • FIN flag: The finish flag signifies that the connection is finished.
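The six flags are single bits in one byte of the TCP header, which ties this list to two other parts of the blog: the 'nibbles' discussion in this chapter (a flags byte such as 0x29 splits into the nibbles 0010 and 1001) and the scan types listed under Chapter 5 (NULL, XMAS, FIN, SYN and ACK scans are nothing more than particular flag combinations). The code below is an added example, not from the textbook: it decodes the flags byte of a constructed 20-byte TCP header and labels the combination the way someone reading firewall or IDS logs would. The `build_header` helper, the bit table and the label strings are this example's own assumptions; the field layout follows the TCP header format.

```python
import struct

# Bit positions of the flags in byte 13 of the TCP header (low six bits).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def nibbles(byte: int):
    """Split one byte into its high and low nibble as 4-bit binary strings."""
    return format(byte >> 4, "04b"), format(byte & 0x0F, "04b")

def flags_set(flag_byte: int):
    """Names of the flags whose bit is on, in header bit order."""
    return [name for name, bit in FLAG_BITS.items() if flag_byte & bit]

def classify_probe(flag_byte: int) -> str:
    """Label a flag combination the way a defender reading logs would read it."""
    s = set(flags_set(flag_byte))
    if not s:
        return "NULL scan (no flags)"
    if s == {"FIN", "PSH", "URG"}:
        return "XMAS scan"
    if s == {"FIN"}:
        return "FIN scan"
    if s == {"SYN"}:
        return "SYN probe (SYN scan or start of a connect scan)"
    if s == {"SYN", "ACK"}:
        return "SYN-ACK (handshake reply, port open)"
    if s == {"ACK"}:
        return "ACK only (ACK scan or ordinary mid-stream segment)"
    if "RST" in s:
        return "RST (closed port or dropped connection)"
    return "other: " + "+".join(sorted(s))

def decode_tcp_header(raw: bytes) -> dict:
    """Parse the fixed 20-byte TCP header; the flags byte is at offset 13."""
    if len(raw) < 20:
        raise ValueError("need at least 20 bytes of TCP header")
    sport, dport, seq, ack, offset_res, flags, window, csum, urgp = struct.unpack("!HHIIBBHHH", raw[:20])
    return {
        "src_port": sport,
        "dst_port": dport,
        "flags": flags_set(flags),
        "flag_nibbles": nibbles(flags),
        "probe": classify_probe(flags),
    }

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte header (zero seq/ack/checksum) for demonstration only."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

if __name__ == "__main__":
    # Constructed segments: an XMAS probe, a NULL probe and a normal SYN, all to port 80.
    for flags in (0x29, 0x00, 0x02):
        info = decode_tcp_header(build_header(40000, 80, flags))
        print(f"{flags:#04x} nibbles={info['flag_nibbles']} flags={info['flags']} -> {info['probe']}")
```

A SYN on its own cannot be told apart from a legitimate connection attempt, and an ACK on its own looks like any established session, so those labels are only suspicious in volume; a NULL or XMAS combination never occurs in normal traffic and is worth an alert on a single segment.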

It also talks about the top TCP ports a security professional and penetration tester use and should understand. They are ports 20 and 21, 25, 53, 69, 110, 119, 135, 139, and 143.

The chapter goes into IP addressing and explains classes A, B, and C. It also reviews IP address assignments and IPv6 addressing. This chapter was a great help for me.

Sunday, August 26, 2012

Ethical Hacking Overview – Chapter 1


I found chapter 1 very informative right from the start. The text explains the nuances between an ethical hacker and a hacker. The purpose of an ethical hacker, also called a security tester or a penetration tester, is to find weaknesses in the security infrastructure of a company. In a security test, testers not only attempt to break into a company's security system, they also do an in-depth analysis of the security policy and procedures and report accordingly, whereas in a penetration test an ethical hacker attempts to break into the company's network. The chapter continues by going into greater detail about the role of a security and penetration tester. Words like crackers, script kiddies, and packet monkeys are defined as they relate to hackers.

The three types of penetration testing that an ethical hacker performs are discussed. It reviews the methodologies of the white, black, and gray models.

It also goes into the "Law of the Land", federal laws, and briefly what you can do legally. I did not realize how many different certifications there are for an ethical hacker. In a nutshell, the world of hacking or ethical hacking is a very serious business and may not be for everyone.

Wednesday, August 22, 2012

Introduction


Hello my name is Al LaLond.  I’m taking this class to gain a better understanding about computer security. I’m a newbie in the IT world and look forward to earning that notable title of “Computer Geek” as I work towards my degree in IT Network Security. This will be a great class to help me achieve my goals.