Cys Quiz2

Cybersecurity
Lectures 4, 5, 6, 7

Note
This file is not a substitute for the slides.
It is open to additions and corrections. Good luck.
TCP/IP
TCP/IP is a framework made up of various protocols that define how devices should transmit data between them; it enables communication over networks and across large distances.
(Layer diagram from the slides: application data such as text, audio or video is passed down through the layers and reaches the transmission medium as bits, 0 and 1.)

MAC Address
Also called the "Physical Address": a unique identifier assigned to a network interface controller (NIC).

Port Number
A port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service.
The TCP/IP layers

Application layer
Interacts with the application program. Common application-layer protocols:
HTTP: used for transferring web pages and other such resources from the server to the client.
SMTP (Simple Mail Transfer Protocol): the protocol that supports e-mail; it is used to send a message to another e-mail address.
DNS: a type of phonebook in which IP addresses are stored with their associated domain names.
FTP: a widely used standard protocol for transmitting files from one machine to another (credentials and file contents travel in clear text).

Transport layer
Makes a logical connection between the two hosts and converts the information into segments (segmentation) on the sending side and reassembles them (de-segmentation) on the receiving side.
TCP: a protocol that first establishes a logical connection between the transport layers of the two hosts before transferring data.
UDP: a connectionless protocol that transmits user datagrams without first creating a logical connection.

Network layer
Data must go through the layers to be divided into packets and routed, and this layer is responsible for communication and for routing the packet through the possible routes.
IP address: a unique address that identifies a device on the internet or on a local network.
DHCP: a network management protocol used on IP networks to assign IP addresses (on a LAN, usually private addresses) and related settings automatically.
NAT: a way to map multiple local private addresses to a public address; the common way of doing this is called Port Address Translation (PAT).
ARP: a crucial protocol that discovers physical-layer addresses, such as a MAC address, and associates them with IP addresses. ARP replies are not authenticated, which is what makes ARP spoofing and the man-in-the-middle attacks described later possible.

Physical layer
Establishes the relationship between a device and a physical transmission medium. At this layer there are no protocols; we only deal with bits (0, 1).
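To make the transport-layer distinction concrete, here is an added example of my own (not from the lecture) that runs a TCP echo and a UDP echo on the loopback interface. Both servers bind to port 0 so the OS picks a free port, and the payloads are constructed. Notice that the TCP client must complete connect() (the three-way handshake) before it can send anything, whereas the UDP client simply hands a datagram to sendto().

```python
import socket
import threading
from typing import Tuple

# Added example (not from the lecture slides). Two tiny echo servers on the
# loopback interface; port 0 asks the OS for any free port, so nothing here
# collides with a real service and the demo runs offline.


def _serve_tcp_once(srv: socket.socket) -> None:
    # accept() returns only after the client's three-way handshake completes
    conn, _peer = srv.accept()
    with conn:
        data = conn.recv(1024)
        conn.sendall(data)


def _serve_udp_once(srv: socket.socket) -> None:
    # no handshake: the first thing the server sees is the datagram itself
    data, peer = srv.recvfrom(1024)
    srv.sendto(data, peer)


def tcp_exchange(payload: bytes) -> Tuple[int, bytes]:
    """Send payload over TCP to a local echo server; return (server port, echoed bytes)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]  # the port number that identifies this endpoint
    worker = threading.Thread(target=_serve_tcp_once, args=(srv,), daemon=True)
    worker.start()
    # create_connection() performs the SYN / SYN-ACK / ACK handshake before returning
    with socket.create_connection(("127.0.0.1", port), timeout=5) as cli:
        cli.sendall(payload)
        echoed = cli.recv(1024)
    worker.join(5)
    srv.close()
    return port, echoed


def udp_exchange(payload: bytes) -> Tuple[int, bytes]:
    """Send payload as one UDP datagram to a local echo server; return (server port, echoed bytes)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    worker = threading.Thread(target=_serve_udp_once, args=(srv,), daemon=True)
    worker.start()
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.settimeout(5)
    cli.sendto(payload, ("127.0.0.1", port))  # no connect(): the datagram is just sent
    echoed, _peer = cli.recvfrom(1024)
    cli.close()
    worker.join(5)
    srv.close()
    return port, echoed


if __name__ == "__main__":
    print("TCP:", tcp_exchange(b"hello over tcp"))
    print("UDP:", udp_exchange(b"hello over udp"))
```

The security-relevant consequence of the difference: a TCP connection proves the client can receive packets at the source address it claims, because the handshake has to complete; a UDP datagram proves nothing about its sender, which is why UDP services such as DNS are the ones abused for spoofed and amplified traffic.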
Network Security
It is the field of cyber security focused on protecting computer networks from cyber threats: the process of creating a strategic defensive approach that secures a company's data and resources across its network.

How does network security work?
It is enforced using a combination of hardware and software tools. It has three chief aims:
• To prevent unauthorized access to network resources.
• To ensure that authorized users have secure access to the network.
• To detect and stop cyberattacks.

Fundamentals of Network Security
Network Access Control (NAC): the system used to restrict access to data.
Identification: utilizing usernames and identity numbers to state which user, process or device is requesting access to the network.
Authentication: verifying credentials during the process of logging into a network (proving the claimed identity).
Authorization: after the credentials are verified, authorization is granted to those requesting access to specific data on the network.
Physical network security: prevents unauthorized individuals from gaining physical access to components such as routers.
Technical network security: protects all the data stored on a network, whether it is coming into the network, going out, or transiting through it.
Administrative network security: controls that comprise the security policies and processes used to control user behavior, including how users are authenticated and the extent of access provided to them.

Network Security Protocols
HTTPS: an extension of the Hypertext Transfer Protocol (HTTP) used for secure communication over a computer network; it is widely used on the Internet.
SFTP (SSH File Transfer Protocol): a secure alternative to FTP that runs over SSH and protects files while they are transferred between organizations or computers.
SSL & TLS: can carry data from any application-layer protocol, but usually the protocol is HTTP. The encryption is done below the application layer, on both the client side and the server side of the connection.
PPTP & L2TP: popular tunneling protocols supported by almost all VPNs; they allow users to remotely access a network. (PPTP's authentication, MS-CHAPv2, is broken and should not be used today; L2TP is normally paired with IPsec for encryption.)
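The three steps above (identification, authentication, authorization) are easy to confuse, so here is an added example of my own, not from the lecture, that separates them in a toy login service. The users, passwords and roles are constructed; the password hashing uses PBKDF2 from the Python standard library, which is my choice and not something the slides mention.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example (not from the lecture). A toy login service that keeps
# identification (who are you?), authentication (prove it) and
# authorization (what may you do?) as three separate steps.
PBKDF2_ITERATIONS = 100_000  # assumption for the demo; tune to your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


# constructed user database: username -> (salt, digest, role)
USERS = {
    "alice": (*hash_password("correct horse battery staple"), "admin"),
    "bob": (*hash_password("hunter2"), "analyst"),
}

# constructed role -> permitted actions table
PERMISSIONS = {
    "admin": {"read_logs", "change_firewall"},
    "analyst": {"read_logs"},
}


def login(username: str, password: str) -> Optional[str]:
    """Identification + authentication. Returns the session's role, or None on failure."""
    record = USERS.get(username)  # identification: look up the claimed identity
    if record is None:
        # burn the same CPU time as a real check so an unknown username is not
        # distinguishable from a wrong password by timing
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
        return None
    salt, digest, role = record
    return role if verify_password(password, salt, digest) else None  # authentication


def authorize(role: Optional[str], action: str) -> bool:
    """Authorization: an authenticated role may perform only the actions granted to it."""
    return role is not None and action in PERMISSIONS.get(role, set())


if __name__ == "__main__":
    session = login("bob", "hunter2")
    print("bob role:", session)
    print("bob may read logs:", authorize(session, "read_logs"))
    print("bob may change firewall:", authorize(session, "change_firewall"))
```

A successful login answers only "is this really bob?"; whether bob may change the firewall is a separate decision made by authorize(), and failing to keep the two apart is how "any logged-in user can do anything" bugs happen.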
Hackers
A hacker is a person who is intensely interested in the mysterious workings of any computer operating system. Hackers are most often programmers.
Types of Cyber Attacks
Ransomware
It is malware designed to deny a user or organization access to the files on their computer, by encrypting these files and demanding a ransom payment for the decryption key.
Denial of Service (DoS)
This is an attack used to restrict the user's access to the system resources by flooding the server with useless traffic.
Botnet
The word is derived from "robot" and "network"; each infected device is called a bot. A botnet is a group of computers that have been infected by malware and have come under the control of a malicious actor. It can be designed to perform illegal or malicious tasks including sending spam, stealing data, ransomware, fraudulently clicking on ads, or distributed denial-of-service (DDoS) attacks.
Malware Attack
Virus: malicious code that replicates by copying itself to another program or document and changes how a computer works.
Worms: a standalone program that runs independently and infects the system. The worm propagates itself through network shares and devices.
Trojan horse: malicious code that takes over your computer; it can damage or steal information from your computer.
Man in the middle (MITM): the attacker intercepts communication between two individuals in order to steal data.
Phishing
Phishing is when an attacker sends bait, often in the form of an email, that encourages people to share their details.
Eavesdropping (snooping)
The attacker observes traffic on your system and the work you are doing. The attacker can monitor you in three ways.
SQL Injection
A code-based vulnerability that allows an attacker to read and access sensitive data from the database, by placing SQL fragments in input that the application concatenates into a query.
Social engineering
Attackers create social situations that encourage you to share your information.
Zero-Day
A term that describes recently discovered security vulnerabilities that hackers can use to attack systems. "Zero-day" refers to the fact that the developer has only just learned of the flaw, which means they have "zero days" to fix it.

Password attack
Keylogger: records all the hits on the keyboard. Most people use it to get passwords and account details.
Brute force: a trial-and-error method used to decode the password or data. This attack takes the most time, because the number of guesses grows exponentially with the password length.
Dictionary attack: in this method the attacker tries every password that is possible through the dictionary (a wordlist of likely passwords).
Shoulder surfing: the attacker observes the user's keyboard by looking over the user's shoulder.
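To show why brute force "takes the most time" compared with a dictionary attack, here is an added example (mine, not from the lecture). It cracks a constructed table of unsalted SHA-256 password hashes, counting the guesses each method needs; the wordlist, the users and the hashes are made up for the demo.

```python
import hashlib
import itertools
import string
from typing import Iterable, Optional, Tuple

# Added example (not from the lecture). Constructed "leaked" table of
# unsalted SHA-256 password hashes, as a badly built application might store
# them, plus a constructed wordlist.
LEAKED_HASHES = {
    "carol": hashlib.sha256(b"password1").hexdigest(),
    "dave": hashlib.sha256(b"k3y").hexdigest(),
}
WORDLIST = ["123456", "password", "qwerty", "password1", "letmein", "dragon"]


def dictionary_attack(target_hex: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each wordlist entry in order; return (password or None, guesses made)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hashlib.sha256(word.encode()).hexdigest() == target_hex:
            return word, attempts
    return None, attempts


def brute_force(
    target_hex: str,
    alphabet: str = string.ascii_lowercase + string.digits,
    max_len: int = 4,
) -> Tuple[Optional[str], int]:
    """Try every string over `alphabet` up to `max_len`, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hashlib.sha256(candidate.encode()).hexdigest() == target_hex:
                return candidate, attempts
    return None, attempts


def worst_case_attempts(alphabet_size: int, max_len: int) -> int:
    """Size of the search space brute force may have to cover: sum of n^k for k = 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print("dictionary vs carol:", dictionary_attack(LEAKED_HASHES["carol"], WORDLIST))
    print("dictionary vs dave: ", dictionary_attack(LEAKED_HASHES["dave"], WORDLIST))
    print("brute force vs dave:", brute_force(LEAKED_HASHES["dave"]))
    print("worst case, 36 symbols, length <= 4:", worst_case_attempts(36, 4))
```

The dictionary finds carol's password in 4 guesses and never finds dave's; brute force finds dave's 3-character password after 15,361 guesses, and the worst case for length 4 over 36 symbols is already 1,727,604. Each guess here costs one fast SHA-256; with a salted, slow hash such as the PBKDF2 used in the login example, every guess costs the attacker the full iteration count, and the salt stops one precomputed table from serving every user.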
DNS Spoofing and DNS Poisoning
DNS spoofing is the method: replacing DNS server data with malicious redirects. DNS poisoning (a poisoned cache) is the end result: the poisoned cache is then used to redirect users to shady websites.
Network Security Policy Best Practices
Multifactor authentication (MFA): an easy-to-employ and increasingly popular network security solution that requires two or more factors to verify a user's identity.
Antivirus and anti-malware software: antivirus software protects a network against multiple forms of malware.
Firewall: can be software or hardware that controls incoming and outgoing traffic on networks according to predetermined security rules.
Intrusion Detection System (IDS): a monitoring system that detects suspicious activities and generates alerts when they are detected.
Intrusion Prevention System (IPS): designed to prevent intrusions by detecting and blocking unauthorized attempts to access a network (an IDS only alerts; an IPS sits inline and can drop the traffic).
Zero Trust Network: grants specific access to an individual user based on the exact role they play within the network. Each individual is only granted access to the processes or applications they need to complete their job successfully, and no request is trusted merely because it comes from inside the network perimeter.
Virtual Private Network (VPN): a technology that creates a safe and encrypted connection over a less secure network, such as the Internet.
Data loss prevention (DLP): a set of technologies designed to stop sensitive information from leaving an organization.
Sandboxing: running software or opening a file in an environment isolated from your computer system, so that any malware it contains cannot harm your system.
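An IDS is defined above as a monitor that raises alerts on suspicious activity. As an added example (mine, not the lecture's), here is a minimal one that reads constructed firewall and sshd log lines and alerts on a port scan (many distinct destination ports from one source within a short window) and on SSH brute force (repeated failed logins from one source). The log format, the thresholds and the addresses (RFC 5737 documentation ranges) are all assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import List

# Added example (not from the lecture). Constructed log lines resembling
# firewall DROP entries and sshd messages; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=21
2024-05-01T10:00:01 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=22
2024-05-01T10:00:01 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=23
2024-05-01T10:00:01 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=25
2024-05-01T10:00:02 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=53
2024-05-01T10:00:02 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=80
2024-05-01T10:00:02 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=110
2024-05-01T10:00:02 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=143
2024-05-01T10:00:03 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=443
2024-05-01T10:00:03 fw DROP src=203.0.113.9 dst=10.0.0.5 dport=3389
2024-05-01T10:00:30 fw DROP src=192.0.2.44 dst=10.0.0.5 dport=445
2024-05-01T10:01:00 sshd Failed password for root from 198.51.100.7
2024-05-01T10:01:01 sshd Failed password for root from 198.51.100.7
2024-05-01T10:01:02 sshd Failed password for admin from 198.51.100.7
2024-05-01T10:01:03 sshd Failed password for admin from 198.51.100.7
2024-05-01T10:01:04 sshd Failed password for root from 198.51.100.7
2024-05-01T10:01:05 sshd Failed password for root from 198.51.100.7
2024-05-01T10:02:00 sshd Failed password for alice from 10.0.0.23
2024-05-01T10:02:09 sshd Accepted password for alice from 10.0.0.23
"""

FW_RE = re.compile(r"^(\S+) fw DROP src=(\S+) dst=\S+ dport=(\d+)$")
SSH_FAIL_RE = re.compile(r"^(\S+) sshd Failed password for \S+ from (\S+)$")


def _max_in_window(times: List[datetime], window: timedelta) -> int:
    """Largest number of events from a sorted list that fit inside one sliding window."""
    best, start = 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_port_scan(lines, min_ports: int = 8, window=timedelta(seconds=10)) -> List[str]:
    """One source touching >= min_ports distinct destination ports within `window`."""
    hits = defaultdict(list)  # src -> [(timestamp, dport)]
    for line in lines:
        m = FW_RE.match(line)
        if m:
            hits[m.group(2)].append((datetime.fromisoformat(m.group(1)), int(m.group(3))))
    alerts = []
    for src, events in hits.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                alerts.append(f"PORT_SCAN src={src} distinct_ports={len(ports)}")
                break
    return alerts


def detect_brute_force(lines, min_failures: int = 5, window=timedelta(seconds=60)) -> List[str]:
    """One source producing >= min_failures failed logins within `window`."""
    failures = defaultdict(list)  # src -> [timestamp]
    for line in lines:
        m = SSH_FAIL_RE.match(line)
        if m:
            failures[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    alerts = []
    for src, times in failures.items():
        times.sort()
        n = _max_in_window(times, window)
        if n >= min_failures:
            alerts.append(f"BRUTE_FORCE src={src} failures={n}")
    return alerts


def run_ids(log_text: str) -> List[str]:
    lines = log_text.splitlines()
    return sorted(detect_port_scan(lines) + detect_brute_force(lines))


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_LOG):
        print(alert)
```

The single DROP from 192.0.2.44 and the one failed login from 10.0.0.23 stay below the thresholds and produce no alert; that is the tuning every IDS needs, because a rule that fires on one dropped packet alerts on every typo. The same logic placed inline and returning "drop" instead of a string is the difference between an IDS and an IPS.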
Wireless Network Security
It is the protection of wireless networks, devices and data from unwanted access and breaches. It is a subset of network security that adds protection for a wireless computer network.

Some attacks that affect wireless networks
• Eavesdropping.
• Denial of Service (DoS).
• Malware infestations.

Wireless Security Protocols
Wired Equivalent Privacy (WEP)
Employs a shared-key authentication mechanism and the RC4 encryption algorithm to encrypt data. It is outdated and considered insecure because it is easily cracked: its 24-bit initialization vector (IV) is sent in the clear and repeats quickly on a busy network, and reuse of an IV means reuse of the RC4 keystream.
Wi-Fi Protected Access (WPA)
Provides stronger security measures such as message integrity checks and improved key management (TKIP), but still relies on RC4 and is vulnerable to attacks.
Wi-Fi Protected Access II (WPA2)
Remains the most popular wireless security protocol. It uses the Advanced Encryption Standard (AES) for stronger security. WPA2 is basically an upgraded version of WPA: it features improved key management and is less vulnerable to attacks.
Wi-Fi Protected Access 3 (WPA3)
The latest wireless security protocol, announced in 2018. It offers enhanced security features such as stronger encryption, protection against dictionary attacks on the passphrase, and individualized data encryption.
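To see concretely why WEP is "easily hackable", here is an added example of my own (not from the slides) that implements RC4 and the WEP framing of a 24-bit IV plus a CRC-32 integrity value, then encrypts two constructed packets under the same IV. XORing the two ciphertexts cancels the shared keystream, and knowing one packet's contents (ARP and DHCP packets are highly predictable) recovers the other. The key, IV and packet contents are made up.

```python
import zlib
from typing import Optional

# Added example (not from the lecture). Minimal RC4 and WEP framing to show
# the keystream-reuse flaw. Key, IV and packet contents are constructed.


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key-scheduling, then XOR data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation algorithm (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


WEP_KEY = bytes.fromhex("0123456789abcdef1122")  # constructed 104-bit (WEP-104) shared key


def wep_body(plaintext: bytes) -> bytes:
    """What WEP actually encrypts: the payload followed by its ICV (CRC-32, little-endian)."""
    return plaintext + zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(iv: bytes, plaintext: bytes, key: bytes = WEP_KEY) -> bytes:
    """Frame body = 3-byte IV in the clear + RC4(IV || key) applied to payload || ICV."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + key, wep_body(plaintext))


def wep_decrypt(frame: bytes, key: bytes = WEP_KEY) -> Optional[bytes]:
    """Decrypt and check the ICV; return the payload, or None if the ICV does not match."""
    body = rc4(frame[:3] + key, frame[3:])
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None


def xor_of_bodies(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames with the same IV share a keystream: C_a XOR C_b == P_a XOR P_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("different IVs: keystreams differ, nothing cancels")
    return bytes(x ^ y for x, y in zip(frame_a[3:], frame_b[3:]))


def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Given frame A's plaintext (e.g. a predictable ARP packet), recover frame B's body."""
    return bytes(x ^ k for x, k in zip(xor_of_bodies(frame_a, frame_b), wep_body(known_plaintext_a)))


if __name__ == "__main__":
    iv = b"\x01\x02\x03"  # constructed; real WEP cards cycle through all 2**24 values
    frame_a = wep_encrypt(iv, b"ARP request 10.0.0.1")
    frame_b = wep_encrypt(iv, b"GET /secret HTTP/1.0")
    print("recovered:", recover_from_iv_reuse(frame_a, frame_b, b"ARP request 10.0.0.1")[:20])
```

There are only 2**24 (about 16.8 million) IVs, so a busy access point repeats one within hours, and because the IV is transmitted in the clear an eavesdropper can simply sort captured frames by IV to find the collisions. The CRC-32 ICV does not help: CRC is linear, so an attacker can flip bits in the ciphertext and fix up the ICV without knowing the key. WPA2's AES-CCMP and WPA3 use a real authenticated cipher and never reuse a nonce under one key.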
Steps to Protect Your Wi-Fi Network
• Choose a strong and unique password.
• Update your router firmware.
• Disable remote management.
• Enable network encryption (WPA2 or WPA3).
• Use a firewall.
• Back up important data.
Penetration Testing (pen test or ethical hacking)
An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses.

Approaches for Penetration Testing
White box tests: the pen tester has full knowledge of and access to the source code and the environment.
Black box tests: the pen tester is given little to no information regarding the IT infrastructure of the business.
Gray box tests: provide testers with partial knowledge of the system, such as network maps. The main idea behind gray box testing is to find potential code and functionality issues.

Why is penetration testing important?
• Identify security flaws so that you can resolve them or implement appropriate controls.
• Ensure your existing security controls are effective.
• Identify new bugs in existing software.
Vulnerability
A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access or conduct an attack. Vulnerabilities can exist within:
- applications,
- operating systems,
- software,
- hardware,
- or anywhere else in your network.

What is a Vulnerability Assessment?
It is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and networks. A vulnerability assessment often includes a penetration testing process to identify vulnerabilities in an organization.
Stages of Pen Testing
Reconnaissance and planning
Testers gather all the information related to the target system from public and private sources. Sources might include social engineering, domain registration information, and network and vulnerability scanning.
Scanning
Based on the results of the initial phase, testers might use various scanning tools to further explore the system and its weaknesses. Pen testing tools include port scanners, security vulnerability scanners and network mappers.
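The scanning stage above lists port scanners as a standard tool. As an added example (mine, not the lecture's), this is a TCP connect scan that probes a set of ports concurrently and classifies each as open, closed or filtered. To stay safe and offline it starts its own listeners on 127.0.0.1 and scans those; the host, ports, timeout and thread count are assumptions. Scanning a host you are not authorized to test is exactly the unauthorized activity that pen testing is defined against.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Set, Tuple

# Added example (not from the lecture). A TCP connect scan run against
# listeners the script itself opens on the loopback interface.


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify one port the way a connect scan does."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))  # full three-way handshake: this is what "connect scan" means
        return "open"
    except ConnectionRefusedError:
        return "closed"  # a RST came back: the host is up, nothing listens there
    except (socket.timeout, OSError):
        return "filtered"  # no answer at all: typically a firewall silently dropping the SYN
    finally:
        sock.close()


def connect_scan(host: str, ports: Iterable[int], workers: int = 32) -> Dict[int, str]:
    """Probe all ports concurrently; return {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p), ports))
    return dict(zip(ports, states))


def _start_listeners(count: int) -> List[socket.socket]:
    """Open `count` listening sockets on OS-chosen loopback ports (the 'services' we scan)."""
    listeners = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))
        s.listen(5)
        listeners.append(s)
    return listeners


def _reserve_closed_ports(count: int) -> Set[int]:
    """Bind-then-close to obtain port numbers that are known to have no listener."""
    ports = set()
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))
        ports.add(s.getsockname()[1])
        s.close()
    return ports


def demo() -> Tuple[Set[int], Dict[int, str]]:
    """Scan a mix of open and closed loopback ports; return (truly open ports, scan results)."""
    listeners = _start_listeners(3)
    open_ports = {s.getsockname()[1] for s in listeners}
    closed_ports = _reserve_closed_ports(3)
    results = connect_scan("127.0.0.1", sorted(open_ports | closed_ports))
    for s in listeners:
        s.close()
    return open_ports, results


if __name__ == "__main__":
    truly_open, results = demo()
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port:<5} {state}")
```

A connect scan completes the handshake, so every probe shows up in the target's application logs and in an IDS like the one sketched earlier; that is why it is the loudest scan type and why the reconnaissance phase decides how much noise the engagement can afford.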
Obtaining entry
During this stage, testers exploit the vulnerabilities assessed in the previous phase by making a connection with the target. The testers conduct common web application security attacks, including Denial-of-Service (DoS) attacks and SQL injections. (A DoS attack against a production system should only be run if the rules of engagement explicitly allow it.)
Maintaining access
This stage ensures that the penetration testers stay connected to the target for as long as possible and exploit the vulnerabilities for maximum data infiltration.
Analysis
The testers analyze the results gathered from the penetration testing and compile them into a report. The report details each step taken during the testing process, including the following:
• the vulnerabilities the testers exploited;
• the type of sensitive data the testers accessed;
• the amount of time the testers stayed connected to the target.
Cleanup and remediation
Once the testing is complete, the pen testers should remove all traces of the tools and processes used during the previous stages, to prevent a real-world threat actor from using them as an anchor for system infiltration. During this stage, organizations should start remediating any issues found in their security controls and infrastructure.
Types of Penetration Tests
• Network Services.
• Web Application.
• Client Side.
• Wireless.
• Social Engineering.
• External and Internal Penetration Test.
• Physical Penetration testing
Network Security Penetration Testing
A network security environment is tested by simulating attacks on an organization's systems, networks, applications, or data.
Common targets: software, email servers, network architectures, wireless, firewalls, and computer operating systems.
Reasons for performing it: common network-based attacks, including:
• Firewall misconfiguration and firewall bypass.
• IPS/IDS evasion attacks.
• Router attacks.
• DNS-level attacks.
• SSH attacks.
• Unnecessary open ports attacks.
• Database attacks.
• Man in the middle (MITM) attacks.
• FTP/SMTP-based attacks.

Web Application Penetration Testing
It is used to discover vulnerabilities or security weaknesses in web-based applications.
Components tested: database, source code.
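SQL injection, described earlier among the attack types, is the classic web-application finding, and the database is the first component a web application test looks at. The following is an added example of my own, not the lecture's code: an in-memory SQLite database with constructed rows, a login query built by string concatenation, and the same query written with parameters. The payloads alice'-- and ' OR '1'='1 are the standard textbook strings.

```python
import sqlite3
from typing import List, Tuple

# Added example (not from the lecture). Constructed users table in an
# in-memory SQLite database; the two login functions differ only in how
# the user-controlled strings reach the SQL engine.


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "S3cret!", "alice-api-token"), ("bob", "hunter2", "bob-api-token")],
    )
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    """VULNERABLE: input is concatenated into the SQL text, so it can change the query's structure."""
    query = (
        "SELECT username, secret FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchall()


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> List[Tuple[str, str]]:
    """FIXED: placeholders keep the input as data; the query structure is fixed at write time."""
    query = "SELECT username, secret FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Classic payloads (assumed attacker input for the demo):
BYPASS_USERNAME = "alice'--"   # closes the string, then '--' comments out the password check
DUMP_PASSWORD = "' OR '1'='1"  # closes the string and appends an always-true condition


if __name__ == "__main__":
    db = build_db()
    print("bypass, vulnerable:", vulnerable_login(db, BYPASS_USERNAME, "wrong"))
    print("dump, vulnerable:  ", vulnerable_login(db, "nobody", DUMP_PASSWORD))
    print("bypass, safe:      ", safe_login(db, BYPASS_USERNAME, "wrong"))
    print("dump, safe:        ", safe_login(db, "nobody", DUMP_PASSWORD))
```

With the vulnerable function the first payload logs in as alice without her password and the second returns every row, including every user's secret; the parameterized version returns nothing for both, because the quote characters are just bytes inside a string value. (The table also stores passwords in clear text, which is the separate problem the hashing example earlier addresses.)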
Client Side Penetration Testing
It is used to discover vulnerabilities or security weaknesses in client-side applications, such as email clients and web browsers.
Common attacks include HTML injection and malware infection.
Wireless Penetration Testing
involves identifying and examining the
connections between all devices connected to
the business’s WiFi
Social Engineering Penetration Testing
It is where a (simulated) malicious actor attempts to persuade or trick users into giving them sensitive information, such as a username and password.
Common types of attacks: phishing, eavesdropping.
Reasons for performing social engineering tests
According to the slides, 98% of all cyber attacks rely on social engineering. Social engineering tests and awareness programs have proven to be one of the most effective methods of mitigating such attacks.
Internal and External Penetration Test
An External Penetration Test attempts to break into the network from outside. An Internal Penetration Test focuses on vulnerabilities within the network, as seen by someone who already has a foothold inside it.
Physical Penetration Testing
The physical security environment is tested by simulating attacks on an organization's buildings and hardware. Hackers will often deploy malicious hardware into an organization by breaching the building's perimeter and inserting an infected device into the organization's network.
Penetration Testing Teams
Red Team: plays the role of the adversary.
Blue Team: plays the role of the defenders.
Purple Team: comprised of both attackers and defenders, who work as a unit and divide into offensive and defensive teams.