04/11/2022
Lecturer: Nguyễn Thị Thanh Vân – FIT - HCMUTE
Understand the network security
Crime committed using a computer and the internet to
steal data or information.
Illegal imports.
Malicious programs
Categorization of cyber crime
• The Computer as a Target
• The computer as a weapon
Types of cyber crime
• Hacking
• Denial of service attack
• Virus Dissemination
• Computer Vandalism
• Cyber Violence
• Software Piracy
Fields
SirCam: 2.3 million computers affected
–Clean-up: $460 million
–Lost productivity: $757 million
Code Red: 1 million computers affected
–Clean-up: $1.1 billion
–Lost productivity: $1.5 billion
Love Bug: 50 variants, 40 million computers affected
–$8.7 billion for clean-up and lost productivity
Nimda
Nimda (note the garbage in the subject)
Sircam (note the “personal” text)
Both emails have executable attachments with the virus payload.
Trojan Horse arrives via email or software like free games.
Trojan Horse is activated when the software or attachment is executed.
Trojan Horse releases virus, monitors computer activity, installs backdoor, or transmits information to hacker.
A hacker compromises a system and uses that system to attack the target computer, flooding it with more requests for services than the target can handle.
Hundreds of computers (known as zombies) are compromised, loaded with DoS attack software and then remotely activated by the hacker.
• Sending out e-mail messages in bulk. It’s electronic “junk mail.”
• Spamming can leave the information system vulnerable to overload.
• Less destructive, used extensively for e-marketing purposes.
• Use antivirus software.
• Install firewalls.
• Uninstall unnecessary software.
• Maintain backups.
• Check security settings.
• Stay anonymous - choose a genderless screen name.
• Never give your full name or address to strangers.
• Learn more about Internet privacy.
Network security assessment (goals):
o To identify and categorize your risks.
o It is an integral part of any security life cycle.
o To understand the security techniques of the network, and to execute security policy and incident response procedures.
o To protect networks and data from determined attacks.
Footprinting
o whois
o dig
o traceroute
o nslookup
Scanning Networks
o Nmap
o Nessus
o Commercial Network
o Web Application Testing
Report
Footprinting generally needs the following steps to
ensure proper information retrieval:
1. Collect information about a target: host and network
2. Determine the OS of web server and web application data.
3. Query such as Whois, DNS, network, and organizational
4. Locate existing or potential vulnerabilities or exploits that exist
in the current infrastructure
=> helpful to launching later attacks.
Whois
NSLookup,
Search engines,
Social Networking Site
ARIN
Neo Trace
VisualRoute Trace
SmartWhois
eMailTrackerPro
Website watcher
Google Earth
GEO Spider
HTTrack Web Copier
E-mail Spider
To detect the live systems running on the network
To discover which ports are active/running
To discover the operating system running on the target
system (fingerprinting)
To discover the services running/listening on the target
system
To discover the IP address of the target system
Port Scanning
o A series of messages sent by someone
attempting to break into a computer to learn
about the computer’s network services
Network Scanning
o A procedure for identifying active hosts on a
network
Vulnerability Scanning
o The automated process of proactively
identifying vulnerabilities of computing
systems present in a network
Some common ways to perform these types of scans
are:
■ Pinging (ICMP Scanning)
■ Port scanning
A ping sweep finds out which hosts are up in a network by pinging them all.
It can be run in parallel so that it runs fast.
It can also be helpful to tweak the ping timeout value with the -t option.
Tools:
o Ping <target> [option]
o Angry IP: for Windows
o Hping2
o Ping Sweep
Three Way Handshake, TCP flags
Types of Scans
o Full Open Scan
o Stealth Scan, or Half-open Scan
o Xmas Tree Scan
o FIN Scan
o NULL Scan
o ACK Scanning
o UDP Scanning
The systems involved initiated and completed the three-way handshake.
The advantage:
o you have positive feedback that the host is up and the connection is complete.
Downside (disadvantage):
o since you complete the three-way handshake, you have confirmed that you as the scanning party are there.
It does not open a full TCP connection.
The key advantage is that fewer sites log this scan.
Having all the flags set creates an illogical or illegal
combination, and the receiving system has to determine
what to do:
o Drop (old sys)
o Respond: port is open
o RST packet: port is closed
NMAP: nmap -sX -v <target IP>
The attacker sends frames to the victim with the FIN flag set.
The victim’s response depends on whether the port is open
or closed.
o if an FIN is sent to an open port there is no response,
o but if the port is closed the victim returns an RST.
NMAP: nmap -sF <target IP address>
The attacker sends frames to the victim with no flag set.
The victim’s response depends on whether the port is open or closed:
o if the frame is sent to an open port there is no response,
o if the port is closed the victim returns an RST.
NMAP: nmap -sN <target IP address>
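The Xmas, FIN and NULL probes described above use flag combinations that ordinary TCP traffic does not produce, so a sensor can recognise them from the header alone. The Python below is an added example, not part of the lecture: it reads the flag byte of raw TCP headers and reports sources that send one probe type to several ports. The function names, the `min_ports` threshold and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample input)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def classify(header):
    """Name the probe type implied by the flag byte of a raw TCP header."""
    flags = header[13] & 0x3F              # keep FIN..URG, ignore ECE/CWR
    if flags == 0:
        return "null"                      # no flag set (nmap -sN)
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "xmas"                      # nmap -sX sets FIN, PSH and URG
    if flags == FIN:
        return "fin"                       # bare FIN without ACK (nmap -sF)
    return None                            # legal-looking combination, not judged here

def detect_scanners(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header).
    Returns {src: {kind: [ports]}} for sources that sent one probe type
    to at least min_ports distinct destination ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, header in packets:
        kind = classify(header)
        if kind:
            dport = struct.unpack("!H", header[2:4])[0]
            seen[src][kind].add(dport)
    return {src: {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
            for src, kinds in seen.items()
            if any(len(p) >= min_ports for p in kinds.values())}

# Constructed capture; 192.0.2.0/24 is a documentation address range.
SAMPLE = (
    [("192.0.2.10", tcp_header(40000, p, FIN | PSH | URG)) for p in (22, 80, 443)]
    + [("192.0.2.20", tcp_header(40001, p, 0)) for p in (21, 23, 25, 110)]
    + [("192.0.2.30", tcp_header(40002, 80, SYN)),
       ("192.0.2.30", tcp_header(40002, 80, ACK)),
       ("192.0.2.30", tcp_header(40002, 80, FIN))]   # one bare FIN: below threshold
)

if __name__ == "__main__":
    for src, kinds in detect_scanners(SAMPLE).items():
        print(src, kinds)
```

A half-open (SYN) scan cannot be told apart from a normal connection attempt on a single packet, which is why this example leaves SYN unclassified.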
Nmap
IPSec
NetScan
SuperScan
IPScanner
MegaPing
Global Network Inventory Scanner
Net Tools Suite Pack
Floppy Scan
Some of the scan methods used by Nmap:
o Xmas tree: The attacker checks for TCP services by sending
"Xmas-tree" packets
o SYN Stealth: It is referred to as "half open" scanning, as a full
TCP connection is not opened
o Null Scan: It’s an advanced scan that may be able to pass
through firewalls unmolested
o Windows scan: It is similar to the ACK scan and can also detect
open ports
o ACK Scan: Used to map out firewall rule set
-sT (TcpConnect)
-sS (SYN scan)
-sF (Fin Scan)
-sX (Xmas Scan)
-sN (Null Scan)
-sP (Ping Scan)
-sU (UDP scans)
-sO (Protocol Scan)
-sI (Idle Scan)
-sA (Ack Scan)
-sW (Window Scan)
-sR (RPC scan)
-sL (List/Dns Scan)
-P0 (don’t ping)
-PT (TCP ping)
-PS (SYN ping)
-PI (ICMP ping)
-PB (= PT + PI)
-PP (ICMP timestamp)
-PM (ICMP netmask)
●What needs to be secured?
●Who is responsible for it?
●What technical/non-technical controls should be
deployed?
●How are people supported to do what they need to do?
●What if something goes wrong?
●Response and recovery
●Accountability and consequences
●What Needs to be Secured?
●Hardware, software and services
• Servers, routers, switches, laptops and mobile
devices
• OS, databases, services and applications
• Data stored in databases or files
●From whom?
●Remote hackers?
●Insiders?
●Identity and access management (IAM)
●Credentialing, account creation and deletion
●Password policies
●Network and host defenses
●Firewalls, IDS, IPS
●Anti-virus
●VPN and BYOD
●Vulnerability patching
●User awareness and education
●Phishing attack awareness (Phishme)
●High level articulation of security objectives and
goals
●Legal, business or regulatory rationale
●Do’s and don’ts for users
–Password length
–Web and email policies
–Response to security events
●Address prevention, detection, response and
remediation as it concerns/impacts users
●Investments in cyber security are
driven by risk and how certain
controls may reduce it
●Some risk will always remain
●How can risk be assessed?
Risk exposure = Prob.[adverse security event] * Impact[adverse event]
Risk leverage > 1 for the control to make sense
How do we assess and reduce cyber risk?
●Impact
●Expected loss (reputational,
recovery and response, legal, loss of business
etc.)
●Risk management
●Accept, transfer (insurance) and reduce
●Reduction via technology solutions, education
and awareness training
Prepare a small LAN: 1 server, 1 workstation
Install and configure tools to assess network security
o Footprinting
o Scan ports using Nmap