Information And Network Security Essential
By Erwin Dusojan
Trend Micro - Girls In Tech – Training Week 1
10/21/2021
© 2020 Trend Micro Inc.
Information Security Essentials
What is the CIA?
The CIA triad of Information Security: Confidentiality, Integrity, Availability
Understanding the CIA
Confidentiality
• Ensures that the data or system is accessed only by an authorized person.
• Confidentiality revolves around the principle of least privilege.
Confidentiality – Countermeasures
• Encryption
• Strict Access Control
• Rigorous authentication procedures
• Data classification
Understanding the CIA
Integrity
• Refers to protecting information from being modified by unauthorized parties
• Maintaining the expected state of our data or system
Integrity – Countermeasures
• Hash total verification (hashing)
• Strict Access Control
• Intrusion Detection System
Non-repudiation
• The subject of an activity, or whoever caused an event, cannot deny that the event occurred.
• Prevents a subject from:
– claiming not to have sent a message
– claiming not to have performed an action
– or claiming not to have been the cause of an event
Understanding the CIA
Availability
• A guarantee of reliable access to the information by authorized people
• These aspects must be functioning correctly:
– Computing systems used to store and process the information
– Security controls used to protect assets
Availability – Countermeasures
• Using Firewalls to prevent DDoS
• Redundancy / High Availability
• Fault tolerance
• Maintaining backup
• Business continuity planning (BCP)
Current Version: 1.1
Network Security Essentials
Network Traffic Analysis
• Networking Essentials
• Packet Sniffer
• Reconnaissance
Networking Essentials
TCP communication
Overview of TCP communication
• Traditional TCP Control Flags / Bits
▪ SYN - Start a connection
▪ ACK - Acknowledgement of received data
▪ RST – Reset or abort the connection
▪ FIN - Close a connection
▪ URG - Packet contains important data
▪ PSH - Send immediately even if the buffer isn't full
TCP connection establishment
• Sequence and Acknowledgement number
▪ Sequence numbers allow receivers to discard duplicate packets and properly sequence reordered packets
▪ Acknowledgement number specifies the sequence number of the next byte it expects to receive
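The receiver-side behaviour these two bullets describe, as an added example that is not part of the slides: a minimal TCP receiver that tracks the next expected sequence number, parks out-of-order segments until the gap is filled, discards duplicates, and returns the acknowledgement number it would send. The class name, sample sequence numbers and payloads are constructed for illustration, and segments are assumed not to overlap one another.

```python
"""Receiver-side use of TCP sequence and acknowledgement numbers (added example).

Models only what the slide describes: the receiver tracks the sequence number of
the next byte it expects, holds out-of-order segments until the gap is filled,
drops duplicates, and its ACK always names that next expected byte. Segments are
assumed not to overlap one another (a real stack must also trim overlaps).
"""

class TcpReceiver:
    def __init__(self, peer_isn):
        # The peer's SYN consumes one sequence number, so its data starts at ISN + 1.
        self.rcv_nxt = peer_isn + 1
        self.pending = {}          # seq -> payload for segments that arrived early
        self.stream = bytearray()  # bytes handed to the application, in order
        self.duplicates = 0

    def receive(self, seq, payload):
        """Process one data segment and return the acknowledgement number to send."""
        if seq + len(payload) <= self.rcv_nxt:
            self.duplicates += 1          # entirely old data: a retransmission
        elif seq > self.rcv_nxt:
            self.pending[seq] = payload   # gap before it: keep, but do not ACK past the gap
        else:
            # Starts at (or before) the expected byte: skip any prefix already received.
            self._deliver(payload[self.rcv_nxt - seq:])
            while self.rcv_nxt in self.pending:   # earlier arrivals may now be contiguous
                self._deliver(self.pending.pop(self.rcv_nxt))
        return self.rcv_nxt

    def _deliver(self, data):
        self.stream += data
        self.rcv_nxt += len(data)


def replay(peer_isn, segments):
    """Feed (seq, payload) segments in arrival order; return (acks, stream, duplicates)."""
    rx = TcpReceiver(peer_isn)
    acks = [rx.receive(seq, data) for seq, data in segments]
    return acks, bytes(rx.stream), rx.duplicates


# Constructed arrival order after a SYN with ISN 1000: the third segment overtakes
# the second, then the first is retransmitted although it was already received.
SAMPLE_SEGMENTS = [
    (1001, b"GET /"),   # in order: ACK becomes 1006
    (1011, b".html"),   # out of order, bytes 1006..1010 missing: ACK stays 1006
    (1006, b"index"),   # fills the gap and releases the parked segment: ACK 1016
    (1001, b"GET /"),   # duplicate: discarded, ACK still 1016
]
```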
Non-Conventional use of TCP/IP Packets
• Reconnaissance
▪ A method of observing and collecting information about a potential target with the intention of finding a way to attack the target
• DoS / DDoS
▪ Attacker sends TCP/IP packets at a large scale, usually with a fake source address, to consume the resources of its target and prevent legitimate traffic
▪ Types of DDoS Attacks:
• Bandwidth Attack
• Application Attack
Packet Sniffer
Packet Sniffer
• also called Network Packet Analyzer
• a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network
• Popular tool: Wireshark (https://www.wireshark.org/)
Packet Sniffer
• Wireshark Essentials:
▪ Display Filter
▪ Examples:
• Show only the http traffic: http
• Show only HTTP download: http.request.method==GET
Packet Sniffer
• Wireshark Essentials:
▪ Following TCP streams
Packet Sniffer
• Wireshark Essentials:
▪ Expert Info Entries
Packet Sniffer
• Wireshark Essentials:
▪ Filter Expression / Filter Buttons
Packet Sniffer
• Wireshark Essentials:
▪ Creating Filter Expression: Buttons
Packet Sniffer
• PCAP sample: web browsing to www.yahoo.com
Lab Activity
Exercise 1: SMTP Packet Analysis
Exercise 2: HTTP Packet Analysis
Exercise 3: DNS Packet Analysis
Reconnaissance
Reconnaissance
• Probing targets with the intent of gathering information
▪ Information can be used during later attack phases
• Use of TCP control bits/flags to determine the status of TCP ports
• Types of scans:
▪ Port Scan: open ports and services
▪ Network Scan: IP addresses (live hosts), operating system, services
▪ Vulnerability Scan: presence of known weaknesses or security holes
Port Scanners
• Software applications designed to probe hosts for open ports, verifying security policies
• Attackers utilize those to identify services running on a host
▪ Provide information to exploit vulnerabilities
• Popular applications:
▪ Angry IP Scanner: https://angryip.org/
▪ NMAP: https://nmap.org/
▪ KALI LINUX TOOLS: https://www.kali.org/
Reconnaissance: Port Scanning
• ACK Scan
– Tests whether a stateful firewall is present between the attacker and the target
– Not used to check the state of the port
– Server responds with an RST packet
» Port is unfiltered and a stateful firewall is absent
– No response, or an ICMP type 3 error (code 1, 2, 3, 9, 10 or 13)
» Port is filtered and a stateful firewall is present
– Stateful inspection: the firewall maintains a table of open connections and associates new packets with existing connections
Diagram: ACK to port → RST: port is unfiltered. ACK to port → ICMP error (type 3, code 1, 2, 3, 9, 10 or 13) or no response: port is filtered.
Reconnaissance: Port Scanning
• SYN Scan (a.k.a. TCP Stealth Scan)
– Response with SYN+ACK
» Port is open
– Response with RST packet
» Port is closed
– ICMP port unreachable or no reply
» Likely blocked by a firewall
– Final ACK is not sent by the attacker
» Avoids opening a full TCP connection
Diagram: SYN to port → SYN+ACK, scanner answers RST: port is open. SYN to port → RST: port is closed.
Reconnaissance: Port Scanning
• FIN Scan
– Response with RST packet
» Port is closed
– No Response
» Port is open
Diagram: FIN to port → no response: port is open. FIN to port → RST: port is closed.
Reconnaissance: Port Scanning
• XMAS scan
▪ Difficulties using XMAS scan:
• Multiple flags are combined, easy to identify
• Can either be dropped or ignored by modern systems
Diagram: PSH+FIN+URG to port → no response: port is open. PSH+FIN+URG to port → RST: port is closed.
Reconnaissance: Port Scanning
• UDP Scan
▪ UDP is a connectionless protocol and reacts differently compared to TCP
▪ Technical challenges using UDP Scan:
• If a port is blocked by a firewall, this method will falsely report that the port is open.
• If the port unreachable message is blocked, all ports will appear open.
Diagram: UDP to port → ICMP port unreachable: port is closed. UDP to port → no response: port is open.
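A defender-side counterpart to the SYN, FIN and XMAS scan slides above, as an added example that is not from the training deck: detection logic that reads constructed firewall-style packet records and raises alerts on the flag patterns each scan leaves behind (a lone FIN, the PSH+FIN+URG combination, and a fan-out of bare SYNs to many ports with no completed handshake). The log format, field names, sample addresses and the threshold are assumptions made for this example.

```python
"""Flag-based detection of TCP port-scan probes (added example, not from the slides).

Input is a constructed firewall-style log: one line per packet with source,
destination and the TCP flags set (S, A, F, R, P, U).
"""
from collections import defaultdict

FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

# Flag sets the FIN and XMAS scan slides describe. A legitimate endpoint never
# opens a conversation with them, so a single occurrence is worth an alert.
STEALTH_PROBES = {frozenset({"FIN"}): "FIN scan",
                  frozenset({"FIN", "PSH", "URG"}): "XMAS scan"}

def parse(line):
    """'src=10.0.0.5:40001 dst=10.0.0.9:22 flags=S' -> (src_ip, dst_ip, dst_port, flags)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    src_ip = fields["src"].rsplit(":", 1)[0]
    dst_ip, dst_port = fields["dst"].rsplit(":", 1)
    return src_ip, dst_ip, int(dst_port), frozenset(FLAG_NAMES[c] for c in fields["flags"])

def detect_scans(lines, syn_threshold=5):
    """Return alerts for stealth probes and for half-open SYN sweeps.

    A SYN sweep is a source that sent bare SYNs to many distinct ports of one
    host and never sent the bare ACK that would complete a handshake with it.
    """
    alerts = []
    syn_ports = defaultdict(set)  # (src, dst) -> ports probed with a bare SYN
    completed = set()             # (src, dst) pairs where src finished a handshake
    for line in lines:
        src, dst, port, flags = parse(line)
        kind = STEALTH_PROBES.get(flags)
        if kind:
            alerts.append(f"{kind} probe from {src} to {dst}:{port}")
        elif flags == {"SYN"}:
            syn_ports[(src, dst)].add(port)
        elif flags == {"ACK"}:
            completed.add((src, dst))
    for (src, dst), ports in syn_ports.items():
        if len(ports) >= syn_threshold and (src, dst) not in completed:
            alerts.append(f"SYN scan from {src} against {dst}: "
                          f"{len(ports)} ports probed, no handshake completed")
    return alerts

# Constructed sample: a normal web connection from 10.0.0.7, then 10.0.0.5 sweeps
# six ports (the server answers closed ones with RST) and sends two stealth probes.
SAMPLE_LOG = ["src=10.0.0.7:51000 dst=10.0.0.9:80 flags=S",
              "src=10.0.0.9:80 dst=10.0.0.7:51000 flags=SA",
              "src=10.0.0.7:51000 dst=10.0.0.9:80 flags=A"]
SAMPLE_LOG += [f"src=10.0.0.5:40001 dst=10.0.0.9:{p} flags=S" for p in (21, 22, 23, 25, 80, 443)]
SAMPLE_LOG += [f"src=10.0.0.9:{p} dst=10.0.0.5:40001 flags=R" for p in (21, 23, 25)]
SAMPLE_LOG += ["src=10.0.0.5:40001 dst=10.0.0.9:22 flags=F",
               "src=10.0.0.5:40001 dst=10.0.0.9:80 flags=FPU"]
```

Running `detect_scans(SAMPLE_LOG)` yields two stealth-probe alerts and one SYN-scan alert, while the first three records alone (the normal connection) produce none.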
Reconnaissance: Network Scan
• Host Discovery
▪ Process of reducing a set of IP ranges into a list of active or interesting hosts
▪ ICMP echo request/reply
• Intended to determine whether a host is alive or not
▪ ICMP error response
• Means either the host is not alive or ICMP echo traffic is filtered / blocked
• Alternative to ICMP echo
▪ The traceroute command discovers the route between the sender and the targeted host by sending packets with varying TTLs
Lab Activity
Exercise 4: vApp Preparation
Exercise 5: Host Discovery
Reconnaissance: OS Fingerprinting
• OS Fingerprinting
▪ A process to determine the operating system used by a host on a network
▪ Fingerprinting techniques are based on differences in the packets generated by different operating systems
• E.g. IP TTL values, IP ID values, TCP window size, TCP options, etc.
Lab Activity
Exercise 6: OS Fingerprinting
• Nmap -O
• Nmap NSE scripting
Reconnaissance: Netcat
• Simple UNIX utility
• Reads and writes data across network connections
▪ Using TCP or UDP protocol
• Functions as both server and agent
▪ Can listen for inbound connections on arbitrary ports
▪ “nc host port” creates a TCP connection to the given port on the given target host
Lab Activity
Exercise 7: Port Scan
• Netcat Connect Scan
• SYN Scan
• UDP Scan
Reconnaissance: Banner Grabbing
• Banner
▪ Response received when accessing services
▪ Contains information about the specific application / service
• Banner Grabbing
▪ Technique used to gather information about a computer and its running services
Lab Activity
Exercise 8: Banner Grabbing
• Netcat
• Nmap
Reconnaissance: Vulnerability Scanning
• A vulnerability is a security hole or security weakness
▪ Often exploited with malicious intentions by hackers and malware
• Vulnerability scanners
▪ Special type of automated utility designed to identify known holes or weaknesses in operating systems and applications
▪ Used legitimately; however, attackers may also employ similar tools to identify weaknesses in the target environment
Vulnerability Scanners
• Vulnerability scanners are designed to assess computers, computer systems, networks or applications for known weaknesses.
▪ Popular applications:
• Nexpose: https://www.rapid7.com/ja/
• Nessus: https://tenable.com/
• OpenVAS: https://www.openvas.org/
• Metasploit: https://www.metasploit.com/
Lab Activity
Exercise 9: SNMP Enumeration
• Enable SNMP and set community string
• SNMP Enumeration Metasploit
Thank You!
Threats detected and blocked globally by Trend Micro in 2018. Created with real data by artist Daniel Beauchamp.