Notes: safe mode runs a minimum set of drivers. When things go wrong with the computer, run safe mode and run repairs. It will open an admin account with basics and large icons. Then go to Control Panel … User Accounts (Windows 7 is more secure than XP & Vista)




9 September 2011

Information Security, MIS 6391

jeraldutpa@atl.net

Class notes:

Problems with laptops:

  • Convenient but very dangerous as far as security, personal & business information.

Privileges on a guest account

  • Guest accounts have limited access but can still reach some software and shared docs.

  • computer can still be used

  • No guest account should be on your computer

Guest:

  • Privileges

  • Standard

  • Administrator or root – a hacker can do anything if he escalates his privileges to this level; this is the access a hacker wants when he “escalates privileges”

Passwords:  guessing of common passwords

  • 1234

  • asdf

  • admin

BIOS – Basic Input Output System (Power, CPU, HD) (motherboard is thinking… can I boot?) booting process 

Boot process:

  • do I have power, CPU, and hard drive

  • RTFM = read the manual

  • BIOS will look for the master boot record

    • Master boot record (where is the OS?) (Windows XP SP3 updates): you need to know what software it is to use the correct hack

    • Operating System – kernel runs your hardware; RAM (blue screen is when RAM is messed up)


Boot up process


        • Desktop  will load

        • Security hardware

        • Network services load

          • Applications

          • Drivers are software. Their only purpose is to let the hardware talk to the operating system.

          • Hash – is an algorithm, a calculation, a result from the password.

          • CISO – Chief Information Security Officer

Type of Control Interface

Hacker will exploit everything

  • Guessing is easier

Zero Day Exploit – defenders do not know about it / neg. day is before the hacker finds it

Command Prompt can give you full level of control.

  • 1st line … at end type control userpasswords2 or Boot from CD (Toshiba F12)

How do you get pw’s?

  • if you have saved pw’s it is easy, it goes to HD pw bank

  • saved pw (HD)…. Save HASH index

Notes: safe mode runs a minimum set of drivers. When things go wrong with the computer, run safe mode and run repairs. It will open an admin account with basics and large icons. Then go to Control Panel … User Accounts (Windows 7 is more secure than XP & Vista)

Information Technology side --------------------------------------------- Users (managers)

 5 kinds of computer devices:

1. Input 

2. Process - CPU

3. Output

4. Communication – network interface card (I/O)

5. Storage

Music Industry 

  • Piracy – digital format that consists of bits, 1, 0; binary/base 2

  • Old PCs had 4KB of RAM → 8GB RAM

  • Internet – 1999 Napster

  • DRM – Digital Rights Management – intellectual property protection

1. Technological Factors?

  • Encrypt – scrambling

  • Decrypt - unscramble

2. Business/Economic Factors?

  • MP3 has no DRM

  • You can buy singles rather than the whole record – change the bundle

  • Changed the price

3. Behavioral Factors?

  • no technical barrier to end piracy

  • it’s so easy to buy a song and it is cheap

Command Line

  • A path starts at a partition and runs as far down as it goes. On the partition, there is a root folder: \root folder\...\...\

  • .DLL – Dynamic Link Library – pre-written program

  • .exe

Internet traffic – TCP/IP – when you do your email, all your traffic is using this system 

IP (Internet Protocol) does addressing, and with it you can find your position on the network

TCP reads errors

LAN – Local Area Network

Research Websites:

  • www.webopedia.com

  • www.whatis.techtarget.com

  • www.cnetnews.com

  • www.securitywizardry.com

10 September 2011

Limited:

  • Anchor Point  

    • Starting position for debate

      • Gourmet meal vs snack at grocery store/ harder critique

      • McDonald’s vs snack at grocery store/ softer critique

1. Massive

        • Deter

        • Retaliate Counter Strike

2. Limited 

  • Escalation

3. Cyber Warfare  

  • Cyber-Criminal – 16 yr old British student hacker  (Richard Clarke)

  • TCP/IP – geo locate

4. Nation-State 

  • State actors

  • Non state actors

  • State targets - 

5. Cyber terrorism

  • Politically motivated

Defend

  • Military – invasion attacks

  • Authentication

  • 1. Firewalls

  • 2. Antivirus

Cyber-Spying (espionage)

  • Sabotage

6. SearchSecurity.com

  • security

Defend/Response - In normal warfare by traditional means:

1. Have we been attacked? 

DDOS – trying to tie up their phone lines.

Root kit – it's invisible; you get hacked and don’t even know it. It alters system files and there is an antivirus component.

2.  Have we been damaged?  - You can see the damage on attack. (Smoke from bombs)

3.  Who/what was damaged? – make an assessment to see what was damaged or attacked; system, database, etc.

4.  How was the attack done? / Is damage still underway?

6.  WHO did it? ---- IP address is only a location----- MAC address – Media Access Control-- individual---

 They are never going to hack from their live home network; they use Tor - Proxy – TOR

7. Data Validation – inputted data validation

Warfare is a bad idea – warfare is a bad analogy.

Richard Clarke - "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption."

In computers, the hardest thing in IT is to understand IT as a thing in itself.  When the Internet was first made, people could share data.  In the long run, the internet has been a highway for stealing movies.  They were not thinking of that back then.

Hackers cannot be deterred.  RTFM – means read the manual.

  • Hackers have a personal interest while the nation state is a political move.

  • It might be possible to catch a nation-state.

Internet Service Providers--- routers (crosses between networks) --- switch (LAN) ---individual machines

When you present, be articulate, speak directly to your audience, use body language, six bullets per slide, legible, six words per bullet, watch the timing.

****** faculty.utpa.edu/jhughes1/6391/syllabus.com

17 September 2011

Command Prompt

Ipconfig /all

IP ----- where on network 

  • Computer

  • Switch – connects machines inside the LAN

  • Router – takes you from one network to the other.

  • ARP – Address Resolution Protocol

  • NIC - MAC --- IP address

  • Access point

  • hotspot



  • Command

    • line interface

      • Syntax

      • Switches

      • ports

arp -s, then the command you are going to work on

Internet address is the gateway

Physical address is the MAC address

ARP poisoning attack or redirect

  • Spoof – 

A hacker can hack it because they know what they are doing.

* If we know what kind of devices they have, we would already know the systems that are on.

Ports – 80

When you get an IP address, it can be static or dynamic

tracert – traces the route

  • Virus – self-replicating; writes over programs that were supposed to be there. Malware.

  • Keylogger – software 

  • Trojan – email/webpage – “don’t click on the link” 

  • Worm - very dangerous because it is very fast.  

  • Social engineering – just calls and asks

  • Logic bomb/time bomb 

Attackers

  • Hackers

    • Black-hat – causing a crime; if you are breaking the law

    • Grey hat – doesn’t have permission, illegal root access, but they are not breaking the law.  They provide service to the white hats.

    • White-hat – these are the good guys, doing things illegal, but they have permission.  Probably a consultant, in house guy.

* Script kiddie – doesn’t really know what he is doing, but he uses Firesheep

DoS – attackers that use botnets, such as gangs and organized crime; reputation.

DDOS

Distributed denial of service

Identity theft – data is worth dollars

Cracking 

  • Software

  • Encryption - 

  • System  - root or administrator; you have full control

Software: Big 4

1. Anti-virus

2. Firewall(SW-personal) (HW-commercial)

3. Anti-spyware – spybot S&D 

4. Anti-root kit - 

******* avg – free, spybot, download.com, comodo, fireball, kaspersky

  • Information – Personal Identifiers – D.L #, SS #, Credit Card #, etc.  Keep them confidential.

  • Groups – with privileges--- this is a match between individuals and data

  • Accounts

Security Software – virus signature

  • Keys

  • Certificates

People – 

    1. CISO

    2. Network administrator 

    3. Specialists  

    4. Information Owner – the person in the manager sense; In charge of the accounts of money in the department. 

    5. Generates money ---- uses, oversees

    6. Information custodians – these are the people in charge of the information; people in IT running databases.

    7. End users - 

Procedures – 

FERPA – Family Educational Rights and Privacy Act

Training – everyone needs to be familiar with procedures

Confidentiality - authorized Access; authenticated

  • Logon, password

  • Tokens

  • Dongle – usb key containing information.

  • It has an authorization code and runs the software.

Characteristics of Info

Integrity – data is complete and it’s correct.  

Availability - data proc/system

What is a port – it is a pathway 

SRC-IP

DST-IP

Web

Email

IM

Video streaming

IP: Port # goes to the service, and then software will look at it.

The attacks now are much faster.  Now you have worms, in 90 minutes, 1 billion dollars in damage.

Stuxnet – worst virus around; attacks nuclear reactors.

1 October 2011

Key Management 

  • Generates

  • Distribution public/private

  • Storing

Case Study

Jim – VP HR    Brian – CIO

  • Talked to engineers   talked to IT

  • Apps broken    Response:   kill old accounts, trace VPN’s, and deploy backups

  • Corrupted 

  • Accessing data base

  • Old accounts

  • doc     Cryptography:  secret writing 

  • Crypt system: “unkeyed”

  • Pgpzip       VPN encrypted: assets

Network Zones:

  • Cenartech IT:

    • Red Zone: Public facing/guest internet

    • Yellow Zone: internal use only; workers; firewall/filtered

    • Green Zones:  TOP SECRET; financial system

**** Firewalls separate the zones

Disaster Recovery 

Public website – demilitarize zone

Logging unusual pattern

Baselines

CIA:

  • Confidentiality

  • Integrity

  • Availability

Disaster Recovery: fail safe/fail over

Accounts

  • Guest 

  • Limited

  • Standard

  • Administrator

Security Culture

Bob     Secret Message     Alice

What is your public key? ----------------     PKI

-----------------------------------------------------Public key encrypt his message-------------------------

----------------------------------------------------- Encrypt message--------------------------------------------

1. What is your public key?

2. Keys, public, private

3. Encrypt message then decrypts with a public key

Confidentiality

Assets:  Information Classification Factor

  • Public

  • Information

  • Secret

IBAC – Identity-Based Access Control

  • Privileges are linked to the person

RBAC – Role-Based Access Control

Person:

Group 1: privileges

Group 2: privileges

Group 3: privileges

Active directory: Master data base

Insider – privileges

Factors: single and multiple

Privilege escalation:

  • Rainbow tables

  • Guess

  • Social engineering – get the person to tell you/charming

  • Shoulder surfing – watching browser

Public Key Cryptography

  • Encrypt ->scrambler

  • Sign – digital certificate/hashed certificate/hash –one way algorithm

Cryptography – symmetrical codes

  • Single key/shared

  • Codebooks

  • Reversible algorithm

  • Fast/easy/simple

https – secure

ARP – Address Resolution Protocol: used to convert an IP address into a physical address

Spoofed website: a fraudulent website.

Public/private key pair

  • Wireshark – eavesdropping

  • packet sniffer - software that talks to the NIC

Asymmetrical

> Key pair 2-key

> Trap door algorithm

> 1-way algorithm

> Slow complex

Public key encrypts his message and decrypts with her private key.

Bob     message     Alice

1. Encrypt with private key ---------------------------------------------------- receive encrypted message

     What is Bob’s ---------------------------------------------------------------

2. -------------------------------------------------- Public key

3. Decrypts with public key

Port Scanning

Port scanning 

  • Portray

  • nbtstat -a, an

  • nbtstat -n

DNS – ip address/ URL

NIC- Network Interface Card. Address of the NIC is MAC

Fuzz a port – submitting random programs to find a break

Case study:

Hacker – interested in programming

Cracker 

  • Software

  • Encryption DRM – digital rights management

  • System

  • Domain

The word hacker comes from a term “I’ll hack away at it” difficulty

Enthusiasm –enjoys and determined

Innovation – creative

Skillz – 1337, expertise, leet, elite

Negative characteristics

> Arrogance/egotism

> Notoriety/reputation based

Hacker ethic

1. Info should be free

2. Authority must be mistrusted

3. Access should be unlimited

4. Judge by skillz

5. Credentials

6. Computer can change your life for the better

Information

1. People

2. Procedures  CIA: Confidentiality, Integrity, Availability

3. Hardware

Attack framework

1. Assets

2. Threats (outcome)

  • Identity theft 

  • Data theft

  • Crash system

3. Threat agent – person who gets in and steals data; worm

4. Vulnerability

5. Exploits/events – use the threat agent (means)

6. Risk

3 states that must be protected

  • Stored – tapes, hard drives microfilm, flash drives, portable HD, external, optical, cloud

  • CIA

  • Processed 

  • Transmitted –open router, any kinds of way

  • NIC (Ethernet)

  • Bluetooth

  • Wi-Fi

  • Smart phone

Information assurance

  • Root Kit – malware, contaminated software, invisible

  • Security Trade off – security goes up and productivity goes down

  • DOLLS – Network/System Security

  • Diversity – not everything on the network should be the same

  • Obscurity – don’t expose any more than you can manage; errors

  • Layering – 

  • Limiting – authenticate and authorization

  • Simplicity – 

  • Math problem – number of characters raised to the length of password

Guess

  • Dictionary – 1 word or 1 name

  • Shoulder surf

  • Social engineering

  • Rainbow table (ophcrack)

  • Cross index-hash-password

Algorithm

One way

Fixed length

Unique
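The hash properties and the rainbow-table "cross index" above, worked through as an added example that is not part of the original class notes: it shows the fixed-length output, why an unsalted hash of a common password can be looked up in a precomputed hash-to-password index, and how a per-user salt with a slow hash (PBKDF2) makes that index miss. The function names, user names and iteration count are assumptions chosen for illustration; the password list is the one from these notes.

```python
import hashlib
import hmac
import os

COMMON_PASSWORDS = ["1234", "asdf", "admin"]  # the common guesses listed in these notes

def keyspace(alphabet_size, length):
    """The notes' math problem: number of characters raised to the password length."""
    return alphabet_size ** length

def unsalted_hash(password):
    """One-way, fixed-length digest with no salt (the weak storage scheme)."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precomputed hash -> password index; a rainbow table is a compact form of this."""
    return {unsalted_hash(p): p for p in candidates}

def salted_hash(password, salt=None, iterations=100_000):
    """Per-user random salt plus a deliberately slow hash (the hardened scheme)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify(password, salt, digest, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Constructed account store: two users who picked the same weak password.
    stored = {"alice": unsalted_hash("admin"), "bob": unsalted_hash("admin")}
    salt_a, digest_a = salted_hash("admin")
    salt_b, digest_b = salted_hash("admin")
    return {
        # Output length does not depend on input length.
        "fixed_length": len(unsalted_hash("a")) == len(unsalted_hash("a" * 1000)) == 64,
        # Unsalted: equal passwords give equal hashes, and the index resolves both.
        "recovered": {user: table.get(h) for user, h in stored.items()},
        # Salted: the same password stores differently per user and is not in the index.
        "salted_differ": digest_a != digest_b,
        "salted_in_table": digest_a.hex() in table,
        "verify_ok": verify("admin", salt_a, digest_a),
        "verify_bad": verify("1234", salt_a, digest_a),
    }

if __name__ == "__main__":
    print(demo())
    print("4 digits:", keyspace(10, 4), "| 8 lowercase letters:", keyspace(26, 8))
```

Salting defeats the precomputed index but not guessing: "admin" still falls to a short dictionary, so password length and character set (the keyspace) matter as well.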

15 October 2011

Midterm October 22, 2011

Research project in hand by the 9th week.

October 21, 2011 Homework assignment due

******* Portfolio up to date. All the notes, terms, concepts

Physical Security

Hacker information – if I can touch it then I own it.  Hackers work themselves up the chain of resistance.  

Rebooting with a bootable flash drive.  Ubuntu is a flavor of Linux.

BIOS  - Where is the OS?  CD, USB – Linux, Floppy, HD

OS –   Windows/Linux

Drivers

Hardware  Account Security Information

HxD – download browser and input; AxCrypt – a way of locking up a file.

What do you need to have symmetric key encryption?

Symmetric key

Encrypt – 1 key

Decrypt – 1 key

Facility Security

  • Assets  - Hardware ,Servers ,Workstations, Routers,(CPU, RAM,HD)

  • Threats – (data theft)

- Power failure, human error, operator, accident, Power surge, device sabotage 

- Natural – weather, earthquake, fire, operator accident, 

 -Device breakage, building collapse – structural failure – bomb – accident - 

  • Threat Agents

  • Exploits

  • Vulnerability – earthquake zone?  Hurricanes – are we in a flood zone? -> Facility issues? Batteries are used for shutdowns. UPS lasts longer on a laptop, generators, building characteristics -> cellar, cabinets being waterproof

  • Risk

DOLLS:

  • Diversity

  • Obscurity

  • Layers 

  • Limiting

  • Simplicity

In-class scenarios:

Disaster Recovery Plan

  • Secure assets

  • Failsafe

  • Failovers

Air Force Base

  • On board I.T.   Secure perimeter or secure areas in the perimeter

  • Theft – rogue   Secure building or secure rooms/closets/equipment

  • Infiltration (I.T.)

Hospital – NYC

  • Life Support I.T.

  • OT – anesthesia 

  • Power Loss 

  • Generators – KW/MW   - Reliability, fuel, etc….

Hospital – RGV

  • Patient Information – back ups

  • Lose data/Flood

  • Flash Flooding

Bank - NYC

  • Accounts information

  • Hurricane – Wind/Rain

  • Windows Structure

Bank – RGV

  • Accounts Information

  • Location Structure, insulation





