
Week 04

This document provides an overview of cyber security essentials, covering topics such as network protocols, IP and Ethernet addressing, network scanning tools like traceroute, netstat, and NMAP, packet analysis with Wireshark, network perimeters and remote access, threats from inbound email and external websites, and denial of service attacks. Sections address OSI layers, common network devices, private IP blocks, and weaknesses in untrusted/managed hosts and external-facing assets.

Uploaded by

api-247491493

CYBER SECURITY: ESSENTIALS
Daniel Medina [email protected]

ADMINISTRATION

NEWS

Password-cracking the Ashley Madison user DB


Lots of tools for building your own CA

RECAP

NETWORKS

THE INTERNET IS
A network of networks
A series of tubes
Made of cats
(Google suggested that last one)

THE INTERNET IS
ATT

Verizon

L3

Sprint

PROTOCOLS
OSI Model      Real world        Devices
Application    JS                App Firewalls
Presentation   HTML              Proxies
Session        HTTP              Load Balancers
Transport      TCP               Firewalls
Network        IP                Routers
Data           Ethernet, WiFi    Switch
Physical       Radio, Copper     Repeater, Hub

IP, ETHERNET ADDRESS

http://standards.ieee.org/develop/regauth/oui/
http://whois.arin.net

IP ADDRESSES
Pre-CIDR Classful Addresses
Class A: 0.0.0.0 - 127.255.255.255, 16,777,216 addresses per network
Class B: 128.0.0.0 - 191.255.255.255, 65,536 addresses per network
Class C: 192.0.0.0 - 223.255.255.255, 256 addresses per network

Private (RFC1918) Addresses


10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
172.16.0.0/12 (172.16.0.0 - 172.31.255.255)

TRACEROUTE

NETSTAT

PROCESS LISTING

PORT SCAN W/ NMAP


$ nmap 127.0.0.1
Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-01 22:31 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00038s latency).
Not shown: 968 closed ports, 30 filtered ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
Nmap done: 1 IP address (1 host up) scanned in 5.42 seconds
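
Added example (not part of the original slides): a defender's check that parses a scan report in the format shown above and flags open ports missing from an expected-listener baseline. The sample report is the slide's output embedded as constructed input; the baseline and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the scan report from the slide, embedded so this runs offline.
SAMPLE_REPORT = """\
Starting Nmap 6.47 ( http://nmap.org ) at 2015-09-01 22:31 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00038s latency).
Not shown: 968 closed ports, 30 filtered ports
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
Nmap done: 1 IP address (1 host up) scanned in 5.42 seconds
"""

# "Nmap scan report for name (ip)" or "Nmap scan report for ip"
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
# "22/tcp open ssh" (columns may be separated by one or more spaces)
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Return {host_ip: {(port, proto): (state, service)}} from normal-format output."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            current[(int(port), proto)] = (state, service)
    return hosts

def unexpected_open(hosts, baseline):
    """List (host, port, proto, service) for open ports absent from the baseline."""
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())
        for (port, proto), (state, service) in sorted(ports.items()):
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings

if __name__ == "__main__":
    # Hypothetical baseline: only SSH is expected to listen on this host.
    baseline = {"127.0.0.1": {(22, "tcp")}}
    for finding in unexpected_open(parse_report(SAMPLE_REPORT), baseline):
        print("unexpected listener: %s %d/%s (%s)" % finding)
```

A host with no baseline entry has every open port reported, so a newly appearing machine is flagged rather than silently skipped.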

WIRESHARK

NETWORK PERIMETERS

Protecting us from the Internet

Cisco SAFE Reference Guide: Enterprise Internet Edge

PERIMETER WEAKNESSES

UNTRUSTED/MANAGED HOSTS

Layered internal networks


802.1x-authenticated endpoints

REMOTE ACCESS

VPN, SSH, RDP, VNC,

INBOUND MAIL
Viruses, Spam, Phishing
FBI: Spear-Phishing
MSFT: Blocked Attachments
RFC5598: Internet Mail Architecture

EXTERNAL WEBSITES

Browser is a rich environment


Circa 2004: Don't use IE

OUTBOUND MAIL / DATA


Data Loss Prevention (DLP)
How to Properly Redact
Legal Discovery (Enron Mails)

EXTERNAL-FACING WEBSITES

OWASP TOP 10 Web Vulnerabilities

EXTERNAL-FACING WEBSITES

PCI Requirement 6.6: WAFs or Code Reviews

DENIAL OF SERVICE
Bandwidth-based:
UDP / ICMP-based
Distributed
Reflected
Amplified
CPU / State-based:
TCP SYN Floods
More Subtle:
Application Layer
