Computer Security C - continued
For security specialists
Section 1 Ethernet and IP Operation
OSI Network Model
Application Layers
Network Services Layers
Moving Data Through The Stack
Data Link Layer Format
Ethernet Operation
Hub and Switch Operation
Ethernet Security Issues
Detecting Promiscuous NICs
Network Packet Capture
tcpdump
Ethereal
IPv4
IP Addressing
Differentiated Services
IP Fragmentation
Path MTU Discovery
ARP
ICMP
ICMP Redirects
Important ICMP Messages
ICMP Security Issues
Protecting Against ICMP Abuse
Lab 1 - Basic Traffic Generation, Capture, and Analysis
Capture and analyze ARP traffic with a variety of tools
Capture and analyze ICMP echo, unreachable, and redirect messages
Explore the differences between a variety of traffic capture utilities and their interfaces and options
Section 2 IP and ARP Vulnerability Analysis
IP Security Issues
IP Routing
Routing Protocol Security
Protecting Against IP Abuse
ARP Security Issues
Cache Poisoning with ARP Replies
Cache Poisoning with ARP Requests
ARP Cache Poisoning Defense
Lab 2 - Advanced Traffic Generation and Capture
Learn to use a variety of tools to generate traffic, including forged headers
Use ARP cache "poisoning" to capture traffic on a switched LAN
Use various techniques to discover if a NIC is in promiscuous mode
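An added example (not part of the course material) that illustrates the ARP points of Section 2 in Python: it builds and parses raw Ethernet/ARP frames, keeps an IP-to-MAC cache the way a typical host stack does (learning from the sender fields of both requests and replies, which is why poisoning works with forged requests as well as forged replies), and, as the basis of a defense, flags bindings that change and frames whose Ethernet source does not match the ARP sender address. All MAC and IP addresses and all frames below are constructed for the example, not captured traffic.

```python
"""Parse Ethernet/ARP frames and flag ARP cache poisoning (added example)."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(p, 16) for p in s.split(":"))


def ip_bytes(s: str) -> bytes:
    return bytes(int(p) for p in s.split("."))


@dataclass
class ArpMsg:
    op: int
    sha: str      # sender hardware (MAC) address
    spa: str      # sender protocol (IP) address
    tha: str      # target hardware address
    tpa: str      # target protocol address
    eth_src: str  # Ethernet header source; forged frames may set it differently from sha


def build_frame(op: int, sha: str, spa: str, tha: str, tpa: str,
                eth_src: Optional[str] = None, eth_dst: Optional[str] = None) -> bytes:
    """Build a raw Ethernet II + ARP frame (IPv4 over Ethernet)."""
    eth_src = eth_src or sha
    eth_dst = eth_dst or (BROADCAST if op == ARP_REQUEST else tha)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, op, mac_bytes(sha), ip_bytes(spa),
                       mac_bytes(tha), ip_bytes(tpa))
    return ETH_HDR.pack(mac_bytes(eth_dst), mac_bytes(eth_src), ETHERTYPE_ARP) + arp


def parse_frame(raw: bytes) -> Optional[ArpMsg]:
    """Return the ARP message carried by an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(raw) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, src, ethertype = ETH_HDR.unpack_from(raw, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(raw, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpMsg(op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa), mac_str(src))


class ArpMonitor:
    """Tracks IP->MAC bindings and records poisoning indicators.

    Like most host stacks it learns from the sender fields of both requests
    and replies, which is exactly why poisoning with requests works too.
    """

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}   # spa -> sha
        self.alerts: List[str] = []

    def observe(self, raw: bytes) -> Optional[ArpMsg]:
        msg = parse_frame(raw)
        if msg is None:
            return None
        kind = "request" if msg.op == ARP_REQUEST else "reply"
        if msg.eth_src != msg.sha:
            self.alerts.append(f"{kind}: Ethernet src {msg.eth_src} != ARP sha {msg.sha}")
        if msg.spa == "0.0.0.0":          # ARP probe, carries no binding
            return msg
        old = self.cache.get(msg.spa)
        if old is not None and old != msg.sha:
            self.alerts.append(f"{kind}: {msg.spa} moved from {old} to {msg.sha}")
        self.cache[msg.spa] = msg.sha
        return msg


# Constructed sample traffic (addresses made up): a host resolves its gateway,
# then an attacker poisons the binding with a forged request, the real gateway
# re-announces, and the attacker poisons again with a reply whose Ethernet
# source is spoofed as the gateway's MAC.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:55"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "00:aa:bb:cc:dd:ee"
ATTACKER_MAC = "02:de:ad:be:ef:01"
ZERO_MAC = "00:00:00:00:00:00"

SAMPLE_FRAMES = [
    build_frame(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, ZERO_MAC, GATEWAY_IP),
    build_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_frame(ARP_REQUEST, ATTACKER_MAC, GATEWAY_IP, ZERO_MAC, VICTIM_IP),      # poison via request
    build_frame(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),       # gateway re-announces
    build_frame(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP,
                eth_src=GATEWAY_MAC),                                             # poison via reply
]


def run_monitor(frames=SAMPLE_FRAMES) -> ArpMonitor:
    mon = ArpMonitor()
    for f in frames:
        mon.observe(f)
    return mon


if __name__ == "__main__":
    m = run_monitor()
    for a in m.alerts:
        print("ALERT", a)
    print("cache:", m.cache)
```

Feeding the frames from a real capture (for example the Ethernet payload of each ARP frame saved by tcpdump) into `ArpMonitor.observe` gives the same "moved" and "src mismatch" alerts; the binding-flap between two MACs for the same IP is the usual signature of an active poisoning tool.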
Section 3 UDP/TCP Protocol and TELNET Vulnerability Analysis
User Datagram Protocol
UDP Segment Format
Transmission Control Protocol
TCP Segment Format
TCP Port Numbers
TCP Sequence / Acknowledgment Numbers
TCP Three-way Handshake
TCP Window Size
The TCP State Machine
The TCP State Transitions
TCP Connection Termination
TCP SYN Attack
TCP Sequence Guessing
TCP Connection Hijacking
Telnet
Telnet Concepts - Options
Telnet Concepts - Commands
Telnet Security Concerns
Lab 3 - Attacks on TCP
Use forged packets to slow and kill TCP sessions
Monitor and hijack a telnet session
Section 4 FTP and HTTP Vulnerability Analysis
FTP
Modes
Transfer Methods
Security Concerns
The Bounce Attack
Minimizing Risk
FTP - Port Stealing
Brute-force Attacks
Access Restriction
Privacy
HTTP/1.1
HTTP Protocol Parameters
HTTP Message
HTTP Request/Method Definitions
Response/Status Codes
Proxies
Authentication
Security Concerns
Personal Information
Attacks On File and Path Names
Header Spoofing
Auth Credentials and Idle Clients
Proxy Servers
Lab 4 - Attacks on FTP and HTTP
Use dsniff to capture FTP and HTTP passwords
Bonus exercise: Use urlsnarf and webspy to monitor a web browser
Section 5 DNS Protocol Vulnerability Analysis
DNS
DNS Basic Concepts and Terms
DNS Resolution
DNS Zone Transfers
DNS Spoofing
DNS Cache Poisoning
DNS Security Improvements
Lab 5 - Attacks on DNS
Use dnsspoof to forge DNS responses to redirect web traffic
Use forged DNS responses to circumvent host-based access controls
Section 6 SSH and HTTPS Protocol Vulnerability Analysis
SSH Concepts
Initial Connection
Protocols
SSH1
SSH2
Encryption Vulnerabilities
SSH Vulnerabilities
SSH1 Insertion Attack
SSH Brute Force Attack
SSH1 CRC Compensation Attack
Bleichenbacher Oracle
SSH1 Session Key Recovery
Client Authentication Forwarding
Host Authentication Bypass
X Session Forwarding
HTTPS Protocol Analysis
SSL Enabled Protocols
SSL protocol
SSL Layers
The SSL Handshake
SSL Vulnerabilities
Intercepted Change Cipher Spec
Intercepted Key Exchange
Version Rollback Attack
Lab 6 - HTTPS and SSH
Perform a man-in-the-middle attack on secure web connections
Perform a man-in-the-middle attack on SSH v1 connections
Perform a timing and packet length attack on SSH v1 and SSH v2 connections
Section 7 Remote Operating System Detection
OS Detection
Banners
Commands
Less-direct Approaches
TCP/IP Stack Fingerprinting
Remote Fingerprinting Apps
nmap
Lab 7 - Using nmap
Use the Nmap utility to perform general network sweep scans
Use Nmap to perform a wide variety of scans on a host
Use Nmap to perform TCP/IP fingerprinting for remote OS detection
Section 8 Attacks and Basic Attack Detection
Sources of Attack
Denial-of-Service Attacks
Methods of Intrusion
Exploit Software Bugs
Exploit System Configuration
Exploit Design Flaws
Password cracking
Typical Intrusion Scenario
Intrusion Detection
IDS Considerations
Attack Detection Tools
Klaxon
PortSentry
PortSentry Design
Snort
Lab 8 - Basic Scan Detection
Examine standard system logs and statistics for signs of attack
Configure portsentry to log port scans from nmap
Configure portsentry for active response to port scans
Section 9 Intrusion Detection Technologies
Intrusion Detection Systems
Host Based IDS
Network Based IDS
Network Node IDS
File Integrity Checkers
Hybrid NIDS
Honeypots
Focused Monitors
Snort Architecture
Snort Detection Rules
Snort Logs and Alerts
Snort Rules
Lab 9 - Exploring Snort
Install Snort
Test Snort to see if it detects Nmap scans
Use Snort to examine network traffic in decoded text format
Use Snort to capture all network packets in tcpdump-style binary logs
Use tethereal to analyze captured packets
Set up Snort to log to syslog
Section 10 Advanced Snort Configuration
Advanced Snort Features
Snort Add-ons
ACID Web Console
The ACID Interface
SnortCenter Management
Lab 10 - Snort Tools
Set up a new MySQL database for use with Snort
Configure Snort to log to the new database
Set up and test the ACID analysis tool
Set up and configure SnortCenter
Install and configure the Linux SnortCenter Sensor Agent
Observe how Snort and ACID respond to attacks
Section 11 Snort Rules
Snort Rules Format
Snort Rules Options
Writing Snort Rules
Example Rules
Lab 11 - Custom Snort Rules
Capture a packet from an exploit that Snort does not currently detect
Write a custom Snort rule to detect the exploit
Verify that Snort detects the exploit
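An added example (not part of the course material, and not Snort's own rule engine) showing what Section 11 and Lab 11 are about: the rule header (action, protocol, source address and port, direction, destination address and port) followed by the option list in parentheses, parsed and evaluated in Python against a few constructed packets. It supports only a subset of Snort rule syntax (any, CIDR, ! negation, [a,b] lists, port ranges, content with |hex| escapes, negated content and nocase); other options such as flow or offset are accepted but ignored, which Snort does not do. The rules, SIDs, addresses and packets below are made up for the example.

```python
"""Minimal Snort-style rule parser and matcher (added example, not Snort's engine)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", re.S)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    opts: List[Tuple[str, Optional[str]]] = field(default_factory=list)

    def option(self, name: str) -> Optional[str]:
        return next((v for k, v in self.opts if k == name), None)


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def parse_rule(text: str) -> Rule:
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    opts: List[Tuple[str, Optional[str]]] = []
    for item in (s.strip() for s in body.split(";")):
        if not item:
            continue
        key, _, val = item.partition(":")        # e.g. "nocase" has no value
        opts.append((key.strip(), val.strip() if val else None))
    return Rule(action, proto.lower(), src, sport, direction, dst, dport, opts)


def decode_content(val: str) -> Tuple[bool, bytes]:
    """Turn a content value such as !"GET |0d 0a|" into (negated, bytes)."""
    negated = val.startswith("!")
    val = val.lstrip("!").strip().strip('"')
    out = bytearray()
    for i, chunk in enumerate(val.split("|")):   # odd chunks are hex escapes
        out += bytes.fromhex(chunk) if i % 2 else chunk.encode("latin-1")
    return negated, bytes(out)


def addr_match(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_match(spec[1:], ip)
    if spec.startswith("[") and spec.endswith("]"):
        return any(addr_match(s, ip) for s in spec[1:-1].split(","))
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_match(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not port_match(spec[1:], port)
    if ":" in spec:                              # range; either end may be open
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    forward = (addr_match(rule.src, pkt.src) and port_match(rule.sport, pkt.sport)
               and addr_match(rule.dst, pkt.dst) and port_match(rule.dport, pkt.dport))
    reverse = (rule.direction == "<>"
               and addr_match(rule.src, pkt.dst) and port_match(rule.sport, pkt.dport)
               and addr_match(rule.dst, pkt.src) and port_match(rule.dport, pkt.sport))
    if not (forward or reverse):
        return False
    # every content option must hold; 'nocase' modifies the content just before it
    for i, (key, val) in enumerate(rule.opts):
        if key != "content" or val is None:
            continue
        negated, needle = decode_content(val)
        nocase = i + 1 < len(rule.opts) and rule.opts[i + 1][0] == "nocase"
        hay = pkt.payload.lower() if nocase else pkt.payload
        found = (needle.lower() if nocase else needle) in hay
        if found == negated:
            return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> List[str]:
    """SIDs of the rules that fire on this packet."""
    return [r.option("sid") or "?" for r in rules if rule_matches(r, pkt)]


# Constructed rules and packets for the example; SIDs and addresses are made up.
RULE_TEXT = [
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; nocase; sid:1000001; rev:1;)',
    'alert udp any any -> any 53 (msg:"DNS zone transfer (AXFR) request"; content:"|00 fc 00 01|"; sid:1000002; rev:1;)',
    'alert icmp !192.168.1.0/24 any -> 192.168.1.0/24 any (msg:"ICMP from outside the LAN"; sid:1000003; rev:1;)',
]
RULES = [parse_rule(t) for t in RULE_TEXT]

SAMPLE_PACKETS = [
    Packet("tcp", "10.0.0.5", 40000, "192.168.1.10", 80, b"GET /CGI-BIN/PHF?Qalias=x HTTP/1.0\r\n\r\n"),
    Packet("udp", "10.0.0.5", 5353, "192.168.1.53", 53,
           b"\x12\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\xfc\x00\x01"),
    Packet("icmp", "10.0.0.5", 0, "192.168.1.10", 0, b"abcdefgh"),
    Packet("tcp", "192.168.1.10", 40001, "192.168.1.20", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
]


def run_demo() -> Dict[int, List[str]]:
    """Map each sample packet index to the SIDs that fire on it."""
    return {i: evaluate(RULES, p) for i, p in enumerate(SAMPLE_PACKETS)}


if __name__ == "__main__":
    for i, sids in run_demo().items():
        print(i, SAMPLE_PACKETS[i].proto, sids)
```

The same workflow as the lab applies: take the payload bytes of the captured exploit packet, pick a content string that is specific to it, write the header to match the protocol and port it uses, and check that the rule fires on the exploit packet but not on ordinary traffic to the same port (the fourth sample packet plays that role here).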
Section 12 Linux and Static Routing
Linux As a Router
Linux Router Minimum Requirements
Router Focused Distributions
Router Specific Settings
Lab 12 - Static Routing
Configure your host to act as a router
Configure and test "automatic" anti-spoofing protection
Configure the system to apply these settings automatically on reboot
Section 13 Linux Firewalls
Types of Firewalls
Application Firewalls: TCP Wrappers
Application Firewalls: Squid
Packet Filter: ipchains
Stateful Packet Filter: iptables
Firewall Topology
Recommended Firewall Rules
Firewall Limitations
iptables Concepts
Using iptables
Advanced iptables Actions
iptables: A More Secure Approach
Lab 13 - iptables
Use iptables to filter traffic destined to your host
Use iptables to log traffic destined to a specific port on your host
Section 14 Network and Port Address Translation
Address Translation
Configuring NAT and PAT
NAT Limitations