Network Administration concept and career

  • 8/13/2019 Network Administration concept and career

    System Administration as a career

    SYSTEM PROTECTION & SECURITY

    System and Network Threats

    Threats

    System and Network Threats

    Virus

    Laptop & mobile theft

    DDoS attack

    Unauthorized access of information

    Abuse of wireless network

    System protection

    Telecom fraud

    Misuse of web application

    Website defacement

    Worms

    Port scanning

    Worms

    Talk Outline

    Introduction of worms.

    The life cycle of a simple worm:

    scanning for a victim

    exploiting the victim

    cloning itself onto the victim

    Running the clone to further spread infection

    Stealth techniques used to hide itself

    What are worms?

    A worm is a self-replicating program

    Self-replicating => it makes copies of itself and sends them over to hosts across a network

    All copies have the same functionality and generally lack any sort of synchronization among themselves

    Types of worms

    Network worms

    Email worms

    IRC worms

    IM worms

    File sharing worms

    XSS worms

    The life cycle of a simple worm

    Scanning for a victim

    Exploiting the victim

    Cloning itself onto the victim

    Running the clone to further spread infection

    Stealth methods used to hide itself

    The life of a worm

    [Figure: worm propagation diagram with stages labelled (1) and (2) and four hosts labelled "Victim"]

    The life of a worm

    Worm created

    Victim found

    Scans for Victim

    Send Exploit

    Get a copy

    Scan

    Rooted !!

    Scanning for a victim

    Random scan: choose a random IP from global and local routing addresses

    Overall scan

    Divide and conquer scan: divide IP addresses among child worms

    Subnet scan: detect and scan local subnet
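
Seen from the defender's side, the scanning stage above shows up as one host contacting many distinct addresses on the same port in a short time. The following is an added example, not part of the original slides, that flags such sources in flow records and separates subnet-style from random-style scanning; the record layout, thresholds, function name and sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records: (seconds, source IP, destination IP, destination port).
DOC_NETS = ("192.0.2", "198.51.100", "203.0.113")  # documentation ranges
FLOWS = (
    [(i, "10.0.5.23", f"10.0.5.{i}", 445) for i in range(1, 41)]            # sweeps its own /24
    + [(i, "10.0.7.9", f"{DOC_NETS[i % 3]}.{i}", 1434) for i in range(1, 41)]  # scattered targets
    + [(5, "10.0.5.40", "10.0.9.10", 443), (9, "10.0.5.40", "10.0.9.11", 443)]  # ordinary client
)

def detect_scanners(flows, window=60, min_targets=30, local_prefix=24):
    """Return {source: (pattern, port, n_targets)} for every source that contacts
    at least min_targets distinct hosts on one port within any window-second span."""
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, port)].append((ts, dst))
    findings = {}
    for (src, port), events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                # Share of targets inside the scanner's own subnet decides the label.
                local_net = ip_network(f"{src}/{local_prefix}", strict=False)
                local = sum(ip_address(t) in local_net for t in targets)
                pattern = "subnet scan" if local / len(targets) >= 0.8 else "random scan"
                findings[src] = (pattern, port, len(targets))
                break
    return findings

if __name__ == "__main__":
    for src, (pattern, port, n) in detect_scanners(FLOWS).items():
        print(f"{src}: {pattern} on port {port}, {n} distinct targets")
```
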

    Exploiting the victim

    Exploit, simply put: a piece of code which provides access to a victim computer by utilizing some flaw in the logic of a program running on the victim computer

    Network worms use what is called a remote exploit: an exploit which can be launched remotely and which gives some code running privileges on the victim

    Find a suitable exploit to use in the worm

    Cloning itself onto the victim

    Once the victim has been exploited, the worm needs to get a copy of itself on the victim

    Blaster worm

    HTTP server

    FTP server

    Compile source

    Running the clone to further spread infection

    Once the clone has been downloaded, run it

    Make it a service.

    Add a registry entry for startup

    Clone starts scanning again

    Clone finds a victim

    Cycle continues

    Stealth techniques used to hide itself

    Hide procedure

    Hide files

    Hide movement

    Delete logs

    The life of a worm

    Worm created

    Victim found

    Scans for Victim

    Send Exploit

    Get a copy

    Scan

    Rooted !!

    Worms example

    Slammer Worm

    Code Red worm

    MyDoom.B

    Port Scanning

    Three-way handshaking

    Stealth Scan

    Xmas Scan

    FIN Scan

    NULL Scan

    Idle Scan

    Tools

    Nmap

    SoftPerfect Network Scanner

    Port scanner ActiveX control

    Acunetix

    Nessus

    DDoS (distributed denial of service)

    What is a DDoS attack?

    The flood of arriving messages to the target system essentially forces it to shut down, thereby denying the system's service to legitimate users.

    Why a DoS attack?

    Attempt to flood a network, to increase network traffic.

    Attempt to disrupt connections between two machines.

    Attempt to prevent a particular individual from accessing a service.

    DDoS attack types

    Smurf

    Buffer overflow attack

    Ping of death

    Teardrop

    SYN

    Tribal flood Attack

    Tools for DoS Attack

    Jolt2

    Bubonic.c

    Land and LaTierra

    Targa

    Authentication

    What is Authentication?

    Authentication is any method by which a system verifies the identity of a user who wishes to access it.

    Authentication exists to establish trust between two parties, or authentication entities. These entities consist of an identity and a key.

    Authentication Types

    User Authentication: the process of determining that a user is who he/she claims to be. HTTP Basic, SSL & TLS

    Entity Authentication: the procedure of determining if an entity is who it claims to be. Cookies etc.

    Password Based Authentication System

    Usernames

    Storing Usernames and Passwords

    Ensuring Password Quality

    Password Lockout

    Password Aging and Password History

    Automated Password Reset Systems

    Sending Out Passwords

    Single Sign-On Across Multiple DNS Domains

    Password maintenance

    System Access

    Password Creation Best Practices

    Virus Protection

    Malicious Code Best Practices

    Software Installation

    Encryption

    Web Browsing

    E-mail Use

    Cracking passwords

    Social engineering

    Shoulder surfing

    Inference

    Weak authentication

    Bypassing authentication

    Password cracking software (Brutus, John the Ripper)

    Dictionary attacks

    Brute-force attacks

    Other ways to crack passwords

    Keystroke logging

    Weak password storage

    Network analyzer

    Encrypted passwords

    SSL

    HTTPS

    SSH/TLS

    Stelnet

    SECURITY POLICY

    Virus protection

    Physical security of computer equipment

    Access control

    LAN security

    Server Specific Security

    Wide Area Network Security

    TCP/IP & Internet Security

    Voice System Security

    Firewall

    A firewall is simply a program or hardware device that protects the resources of a private network from users of other networks.

    For more details visit: Joburban.com

    www.joburban.com

    Cell-8860604040