Dr. M Nasir Mumtaz Bhutta Institute of Computing Bahauddin Zakariya University Multan, Punjab, 60,000 Pakistan Email: [email protected] www.bzu.edu.pk Network Security Course Miscellaneous Topics 12 January 2014

Topics in network security


Secure Socket Layer / Transport Layer Security

• Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL) provide security (confidentiality & integrity) at the transport layer in the TCP/IP stack and at the session layer in the OSI model.
• The client and server should set up a TLS connection before communicating securely with each other.
• It uses PKI to set up the secure channel and exchanges a symmetric session key.
• Symmetric cryptography is used for the main security operations.
• SSL has been superseded by TLS. Current TLS version is 1.2 and TLS 1.3 is available in draft version.


Virtual Private Network (VPN)

• A VPN extends private networks across a public network (the Internet).
• It enables computers and network devices to send and receive data across the public network as if they were on private networks.
• Major implementations of VPN include OpenVPN and IPsec.


Firewall

• A system to control incoming and outgoing traffic based on applied rules.
  – Packet filtering can control the traffic, e.g. by source and destination IP addresses, port number etc.
  – Information about connections and packets can be used to filter the packets (e.g. packets belonging to existing connections, new connection packets etc.).
  – The traffic can be controlled at all layers up to the application layer (e.g. information about protocols like DNS, HTTP etc. can be used to filter the traffic).
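
The three kinds of filtering listed above, combined in one toy decision function. This is an added example, not part of the original slides; the network range, port list, blocked host name and sample packets are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")     # assumed protected network (constructed)
ALLOWED_OUT_PORTS = {53, 80, 443}      # packet-filter rule: permitted destination ports
BLOCKED_HOSTS = {"blocked.example"}    # application-layer rule on the HTTP Host header

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False                  # True only for a connection-opening packet
    payload: bytes = b""

def http_host(payload):
    # Return the lower-cased Host header of an HTTP request, or None.
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            value = line.split(b":", 1)[1].strip().decode("ascii", "replace")
            return value.split(":")[0].lower()
    return None

class Firewall:
    def __init__(self):
        self.connections = set()       # state table: flows opened from inside
    def decide(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        if ip_address(p.src) in INSIDE:                # outbound traffic
            if p.dport not in ALLOWED_OUT_PORTS:       # 1. packet filtering
                return "DROP port"
            if p.dport == 80 and http_host(p.payload) in BLOCKED_HOSTS:
                return "DROP host"                     # 3. application layer
            self.connections.add(flow)
            return "ACCEPT"
        # 2. stateful filtering: inbound is accepted only as a reply to a tracked flow
        reverse = (p.dst, p.dport, p.src, p.sport)
        if reverse in self.connections and not p.syn:
            return "ACCEPT established"
        return "DROP unsolicited"

def firewall_demo():
    fw, c, s = Firewall(), "10.0.0.5", "203.0.113.7"   # constructed sample hosts
    get = b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n"
    return [fw.decide(Packet(c, 40000, s, 443, syn=True)),    # new outbound connection
            fw.decide(Packet(s, 443, c, 40000)),              # reply to it
            fw.decide(Packet(s, 443, c, 40001)),              # no such flow
            fw.decide(Packet(c, 40002, s, 23, syn=True)),     # port not in the allow list
            fw.decide(Packet(c, 40003, s, 80, payload=get))]  # HTTP request to blocked host
```

The second and third packets differ only in destination port, so a stateless address/port rule could not tell them apart; the state table is what separates a reply from unsolicited traffic.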


Malwares

• Common Malwares:


Malware Analysis/Reverse Engineering

• Art of dissection of malware:
  – To provide information about an intrusion/attack (what exactly happened).
  – The goal is to find out exactly what a suspect binary program can do, how to detect it, and how to measure and contain its damage.
• Host-based signatures and network-based signatures are used to detect malware on computers and networks.
• Most often, malware analysis is performed on executable files using the following techniques:
  – Basic and Advanced Static Analysis
  – Basic and Advanced Dynamic Analysis


Malware Analysis/Reverse Engineering – II

• Basic Static Analysis
  – It is performed on the executable file without actually running it and without viewing its instruction code.
  – It answers whether a file is malicious, provides information about its functionality and sometimes produces network signatures to detect malware.
• Advanced Static Analysis
  – It is performed by dissecting the malware executable: loading it into a disassembler and looking at its instructions to find out what the malware does.
• Basic Dynamic Analysis
  – It involves running the malware and observing its behaviour on the system in order to remove the files and produce effective signatures.
• Advanced Dynamic Analysis
  – It involves debugging the internal state of the malicious executable.
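
Basic static analysis as described above (nothing is executed or disassembled), sketched as an added example that is not part of the original slides. The sample bytes are constructed and stand in for a suspect file; the host name and IP address in them are placeholders.

```python
import hashlib
import re

# Constructed sample bytes standing in for a suspect executable (not real malware).
SAMPLE = (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16 +
          b"kernel32.dll\x00CreateFileA\x00\x01\x02" +
          b"http://update.example.test/check.php\x00\xff\xfe" +
          b"192.0.2.44\x00\x00" +
          b"S\x00o\x00f\x00t\x00w\x00a\x00r\x00e\x00\\\x00R\x00u\x00n\x00\x00\x00")

def extract_strings(data, min_len=4):
    """Return printable ASCII and UTF-16LE strings of at least min_len characters."""
    ascii_hits = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_hits = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([s.decode("ascii") for s in ascii_hits] +
            [s.decode("utf-16le") for s in wide_hits])

def triage(data):
    """Collect facts about a file from its bytes alone."""
    strings = extract_strings(data)
    urls = [s for s in strings if re.match(r"https?://", s)]
    ips = [s for s in strings if re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", s)]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # host-based signature: file hash
        "is_pe": data[:2] == b"MZ",                  # DOS/PE magic bytes
        "network_indicators": urls + ips,            # candidates for network signatures
        "strings": strings,                          # hints at functionality (imports, keys)
    }
```

Packed or obfuscated samples yield few useful strings, which is one reason the advanced techniques on this slide exist.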


Penetration Testing/Ethical Hacking (Web and Infrastructure Hacking)

• Penetration testing is the legal and authorized exploitation of computer systems to make them more secure.
• Penetration testing is performed in the following phases:
  – Reconnaissance: collecting detailed information about the system (e.g. the IP addresses of all machines etc.).
  – Scanning: 1. Port Scanning (finding open ports on systems and the services being run). 2. Vulnerability Scanning (finding known vulnerabilities for services running on the system).
  – Exploitation: attacking the system through the vulnerabilities found.
  – Maintaining Access: after exploitation, creating a permanent backdoor for easy access to the system later on.
  – Reporting: details about the issues found, detailed procedures, and solutions to mitigate the security issues found.


Digital Forensics (Computer & Network Forensics)

• It is defined as the application of science to law.
• It is the application of collection, examination and analysis of data while preserving the integrity of the data and the chain of custody.
• The process usually consists of the following phases:
  – Collection: identifying, collecting, labelling and storing data.
  – Examination: assessing and extracting data of particular interest.
  – Analysis: analysing the data using legally justifiable techniques.
  – Reporting: reporting the results of analysis (actions to be taken to secure against vulnerabilities, information about the crime/attack etc.).
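
One way to make "integrity of data" and "chain of custody" checkable: hash the evidence at collection and link each custody entry to the previous one. This is an added example, not part of the original slides; the case identifier, names, timestamps and image bytes are constructed.

```python
import hashlib
import json

def sha256(data):
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Append-only custody record; each entry commits to the previous one."""
    def __init__(self, evidence_id, image, collector, when):
        self.entries = []
        self.evidence_hash = sha256(image)           # taken once, at collection
        self._append(when, collector, "collected", evidence_id)

    def _append(self, when, who, action, note):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        body = {"when": when, "who": who, "action": action, "note": note,
                "evidence_sha256": self.evidence_hash, "prev": prev}
        body["entry_hash"] = sha256(json.dumps(body, sort_keys=True).encode())
        self.entries.append(body)

    def transfer(self, when, giver, receiver):
        self._append(when, receiver, "transferred", "received from " + giver)

    def verify(self, image):
        """Check the working copy and every link of the custody chain."""
        if sha256(image) != self.evidence_hash:
            return "evidence modified"
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or e["entry_hash"] != sha256(
                    json.dumps(body, sort_keys=True).encode()):
                return "custody log tampered"
            prev = e["entry_hash"]
        return "ok"

def custody_demo():
    image = b"constructed disk image bytes"          # stands in for an acquired image
    log = CustodyLog("CASE-0001/ITEM-1", image, "analyst A", "2014-01-12T09:00Z")
    log.transfer("2014-01-12T11:30Z", "analyst A", "analyst B")
    results = [log.verify(image), log.verify(image + b"!")]
    log.entries[0]["who"] = "someone else"           # simulate an edited log entry
    results.append(log.verify(image))
    return results
```

An unkeyed hash chain only detects edits if the latest entry hash is also recorded or signed somewhere the editor cannot reach, since anyone able to rewrite the whole log can recompute every link.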


Practice!

Don’t try at home and/or without required permissions


Thanks for listening!

Questions?