Cybersecurity Lecture 4, 5, 6, 7

Note: This file is not a substitute for the slides; it is open to additions and edits. Good luck.

TCP/IP
TCP/IP is a framework comprised of various protocols that define how devices should transmit data between them; it enables communication over networks and large distances, so data must go through layers for the division and routing of packets.

Layers
Application layer: interacts with an application program; the data exchanged may be text, audio or video.
Transport layer: helps to make a logical connection and converts information through segmentation or de-segmentation.
Network layer: is responsible for communication and for routing the packet through possible routes.
Physical layer: establishes the relationship between a device and a physical transmission medium. In this layer there are no protocols; we only deal with bits (0,1) on the transmission medium.

Addresses and Ports
MAC address: also called the "Physical Address"; a unique identifier assigned to a network interface controller (NIC).
IP address: a unique address that identifies a device on the internet or a local network.
Port number: a number assigned to uniquely identify a connection endpoint and to direct data to a specific service.

Transport-layer protocols
TCP: a protocol that first establishes a logical connection between the transport layers at two hosts before transferring data.
UDP: a connectionless protocol that transmits user datagrams without first creating a logical connection.

Application-layer and other protocols
HTTP: used for transferring web pages and other such resources from the server to the client.
SMTP (Simple Mail Transfer Protocol): supports e-mail; it helps you send data to another e-mail address.
DNS: a type of phonebook in which IP addresses are stored with their associated domain names.
FTP: the most used standard protocol for transmitting files from one machine to another.
DHCP: a network management protocol used on Internet Protocol (IP) networks for automatically assigning private IP addresses.
NAT: a way to map multiple local private addresses to a public address; a common way of doing this is called Port Address Translation (PAT).
ARP: a crucial protocol that helps discover physical addresses and associate them with IP addresses; it is used for discovering the Physical-layer address, such as a MAC address.

Network Security
Network security is the field of cybersecurity focused on protecting computer networks from cyber threats: the process of creating a strategic defensive approach that secures a company's data and resources across its network.
It has three chief aims:
• To prevent unauthorized access to network resources.
• To ensure that authorized users have secure access to the network.
• To detect and stop cyberattacks.
How does network security work? It is enforced using a combination of hardware and software tools.

Fundamentals of Network Security
Identification: utilizing usernames and identity numbers to confirm the identity of users, processes, or devices that may be requesting access to the network.
Authentication: verifying credentials during the process of logging into a network.
Authorization: after verifying credentials, authorization is provided to those requesting access to specific data on the network.
Network Access Control (NAC): the system used to restrict access to data.

Network Security Protocols
HTTPS: an extension of the Hypertext Transfer Protocol (HTTP), used for secure communication over a computer network and widely used on the Internet.
SFTP: the advanced version of FTP, which ensures security while transferring files between organizations/computers.
SSL & TLS: can receive data from any application-layer protocol, but usually the protocol is HTTP. The encryption process takes place on the server side.
PPTP & L2TP: popular tunneling protocols supported by almost all VPNs; they allow users to remotely access a network.

Types of Network Security
Physical network security: used to prevent unauthorized individuals from gaining physical access to components such as routers.
Technical network security: protects all the data stored on a network; this can be data coming into the network, going out, or even transiting through it.
Administrative network security: controls comprising the security policies and processes used to control user behavior, including how the authentication of users is done and the extent of access provided to them.

Hackers
A hacker is a person who is intensely interested in the mysterious workings of any computer operating system; hackers are most often programmers.

Types of Cyber Attacks
Ransomware: malware designed to deny a user or organization access to files on their computer by encrypting these files and demanding a ransom payment for the decryption key.
Denial of Service (DoS): an attack used to restrict the user's access to system resources by flooding the server with useless traffic.
Botnet: derived from the words "robot" and "network"; refers to a group of computers which have been infected by malware and have come under the control of a malicious actor. Each infected device is called a bot. A botnet can be designed to perform illegal or malicious tasks including sending spam, stealing data, ransomware, fraudulently clicking on ads or distributed denial-of-service (DDoS) attacks.
Malware attack:
• Virus: malicious code that replicates by copying itself to another program or document and changes how a computer works.
• Worm: a standalone program that runs independently and infects the system; the worm propagates itself through network share devices.
• Trojan horse: malicious code that takes over your computer; this code can damage or steal information from your computer.
Man in the middle (MITM): the attacker intercepts communication between two individuals in order to steal data.
Phishing: the attacker sends bait, often in the form of an email, that encourages people to share their details.
Eavesdropping (snooping): the attacker observes traffic on your system and the work you are doing. The attacker can monitor you in three ways.
Password attack:
• Keylogger: records all the hits on the keyboard; most people use it to get passwords and account details.
• Brute force: a trial-and-error method used to decode a password or data; this attack takes the most amount of time.
• Dictionary attack: in this method, the attacker tries every password that is possible through the dictionary.
• Shoulder surfing: the attacker observes the user's keyboard by looking over the user's shoulder.
SQL Injection: a code-based vulnerability that allows an attacker to read and access sensitive data from the database.
Social engineering: attackers create social situations that encourage you to share your information.
Zero-Day: a term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term "zero-day" refers to the fact that the developer has only just learned of the flaw, which means they have "zero day" to fix it.
DNS Spoofing and DNS Poisoning: DNS spoofing uses a poisoned cache to redirect users to shady websites; it is the end result. DNS poisoning is the method: replacing DNS server data with malicious redirects.

Network Security Policy Best Practices
Multifactor authentication (MFA): an easy-to-employ and increasingly popular network security solution that requires two or more factors to verify a user's identity.
Antivirus and anti-malware software: antivirus software protects a network against multiple forms of malware.
Firewall: can be software or hardware that controls incoming and outgoing traffic on networks according to predetermined security rules.
Intrusion Detection System (IDS): a monitoring system that detects suspicious activities and generates alerts when they are detected.
Intrusion Prevention System (IPS): designed to prevent intrusions by detecting and blocking unauthorized attempts to access a network.
Zero Trust Network: grants specific access to an individual user based on the exact role they play within the network; each individual is only granted access to the processes or applications they need to complete their job successfully.
Virtual Private Network (VPN): a technology that creates a safe and encrypted connection over a less secure network, such as the Internet.
Data loss prevention (DLP): a set of technologies designed to stop sensitive information from leaving an organization.
Sandboxing: running software or accessing a file in an environment isolated from your computer system, so any malware won't harm your system.

Wireless Network Security
Wireless network security is the protection of wireless networks, devices and data from unwanted access and breaches. It is a subset of network security that adds protection for a wireless computer network.
Some attacks that affect wireless networks:
• Eavesdropping.
• Denial of Service (DoS).
• Malware infestations.

Wireless Security Protocols
Wired Equivalent Privacy (WEP): employs a shared-key authentication mechanism and the RC4 encryption algorithm to encrypt data. It is outdated and considered insecure because it is easily hackable.
Wi-Fi Protected Access (WPA): provides stronger security measures like message integrity checks and improved key management, but is still vulnerable to attacks.
Wi-Fi Protected Access II (WPA2): remains the most popular wireless security protocol. It uses the Advanced Encryption Standard (AES) encryption algorithm for stronger security. WPA2 is basically an upgraded version of WPA since it features improved management and is less vulnerable to attacks.
Wi-Fi Protected Access 3 (WPA3): the latest wireless security protocol; announced in 2018, it offers enhanced security features such as stronger encryption, protection against dictionary attacks and individualized data encryption.

Steps to Protect Your Wi-Fi Network
• Choose a strong and unique password.
• Update your router firmware.
• Disable remote management.
• Enable network encryption.
• Use a firewall.
• Back up important data.

Penetration Testing
A penetration test (pen test, or ethical hacking) is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses.

Approaches for Penetration Testing
White box tests: the pen tester has full knowledge of and access to the source code and environment.
Black box tests: the pen tester is given little to no information regarding the IT infrastructure of a business.
Gray box tests: provide testers with partial knowledge of the system, such as network maps. The main idea behind gray box testing is to find potential code and functionality issues.

Why is penetration testing important?
• Identify security flaws so that you can resolve them or implement appropriate controls.
• Ensure your existing security controls are effective.
• Identify new bugs in existing software.

Vulnerability
A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access to conduct an attack. Vulnerabilities can exist within:
• applications,
• operating systems,
• software,
• hardware,
or anywhere else in your network.

What is a Vulnerability Assessment?
It is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and networks. It often includes penetration testing processes to identify vulnerabilities in an organization.

Stages of Pen Testing
Reconnaissance and planning: testers gather all the information related to the target system from public and private sources. Sources might include social engineering, domain registration information, and network and vulnerability scanning.
Scanning: based on the results of the initial phase, testers might use various scanning tools to further explore the system and its weaknesses. Pen testing tools include port scanners, security vulnerability scanners and network mappers.
Obtaining entry: during this stage, testers exploit vulnerabilities assessed in the previous phase by making a connection with the target. The testers conduct common web application security attacks, including Denial-of-Service (DoS) attacks and SQL injections.
Maintaining access: this stage ensures that the penetration testers stay connected to the target for as long as possible and exploit the vulnerabilities for maximum data infiltration.
Analysis: the testers analyze the results gathered from the penetration testing and compile them into a report. The report details each step taken during the testing process, including the following:
• the vulnerabilities the testers exploited;
• the type of sensitive data the testers accessed;
• the amount of time the testers stayed connected to the target.
Cleanup and remediation: once the testing is complete, the pen testers should remove all traces of tools and processes used during the previous stages, to prevent a real-world threat actor from using them as an anchor for system infiltration. During this stage, organizations should start remediating any issues found in their security controls and infrastructure.

Types of Penetration Tests
• Network Services.
• Web Application.
• Client Side.
• Wireless.
• Social Engineering.
• External and Internal Penetration Test.
• Physical Penetration Testing.

Network Security Penetration Testing
A network security environment is tested by simulating attacks on an organization's systems, networks, applications, or data.
Common targets: software, email servers, network architectures, wireless, firewalls, and computer operating systems.
Reasons for performing it: common network-based attacks, including:
• Firewall misconfiguration and firewall bypass.
• IPS/IDS evasion attacks.
• Router attacks.
• DNS-level attacks.
• SSH attacks.
• Unnecessary open ports attacks.
• Database attacks.
• Man in the Middle (MITM) attacks.
• FTP/SMTP-based attacks.

Web Application Penetration Testing
Used to discover vulnerabilities or security weaknesses in web-based applications: database, components, source code.

Client Side Penetration Testing
Used to discover vulnerabilities or security weaknesses in client-side applications. These could be programs such as email clients and web browsers.
Common attacks include: HTML injection, malware infection.

Wireless Penetration Testing
Involves identifying and examining the connections between all devices connected to the business's Wi-Fi.

Social Engineering Penetration Testing
Social engineering is where a malicious actor attempts to persuade or trick users into giving them sensitive information, such as a username and password.
Common types of attacks: phishing / eavesdropping.
Reasons for performing social engineering tests: 98% of all cyber attacks rely on social engineering. Social engineering tests and awareness programs have proven to be one of the most effective methods of mitigating an attack.

Internal and External Penetration Test
An External Penetration Test attempts to break into the network from outside. An Internal Penetration Test focuses on vulnerabilities within a network.

Physical Penetration Testing
The physical security environment is tested by simulating attacks on an organization's buildings and hardware. Hackers will often deploy malicious hardware into an organization by breaching the building's perimeter and inserting an infected device into the organization's network.

Penetration Testing Teams
Red Team: plays the role of the adversary.
Blue Team: plays the role of defenders.
Purple Team: comprised of both attackers and defenders, who work as a unit and divide into offensive and defensive teams.