Tài liệu miễn phí An ninh - Bảo mật
Download Tài liệu học tập miễn phí An ninh - Bảo mật
Crack
Crack is a freely available program designed to find standard Unix DES-encrypted passwords by standard guessing techniques. It is written to be flexible, configurable and fast, and to be able to make use of several networked hosts via the Berkeley rsh program (or similar), where possible. This program checks your users' passwords for guessable values. It works by encrypting a list of likely passwords and seeing if the result matches any of your user's encrypted passwords (which must be provided to it). It is surprisingly effective and easy to use....
8/29/2018 4:40:35 PM +00:00
Introduction to Encryption I
Since this course is an introduction to encryption, we should cover what it is. Cryptography means “hidden writing”, and various forms of hidden writing have been used throughout history. One of the main goals of cryptography is to communicate with another party in such a way that if anyone else is listening, they cannot understand what you are saying. So, in its most basic form cryptography garbles text in such a way that anyone that intercepts the message cannot understand it.
8/29/2018 4:40:35 PM +00:00
Introduction to Encryption II
Without cryptography there is no e-business, no viable e-commerce infrastructures, no military presence on the Internet and no privacy for the citizens of the world. There are numerous and continually increasing everyday instances in which we encounter cryptosystems at work and at play, often without even realizing it. The underlying cryptographic infrastructure actually works so well that we only take notice when it is absent, or implemented incorrectly!
8/29/2018 4:40:35 PM +00:00
WINDOWS NT SECURITY STEP BY STEP
One of the great sources of productivity and effectiveness in the community of computer professionals is the willingness of active practitioners to take time from their busy lives to share some of the lessons they have learned and the techniques they have perfected. Much of the sharing takes place through online news groups, through web postings, and through presentations at technical meetings, and those who are able to take the time to scan the newsgroups, surf the web, and attend the meetings often gain measurably from those interactions....
8/29/2018 4:40:35 PM +00:00
Securing Linux step-by-step
Several other mail transfer agents are available to replace sendmail. Two popular aternatives are Qmail (www.qmail.org) by David Bernstein, and Postfix (www.postfix.org) by Wietse Venema. Both of these MTAs were designed and written from the ground up with security and performance in mind. It is beyond the scope of this guide to give details on installing and configuring either of these alternatives, but a wealth of information is available on the Internet.
8/29/2018 4:40:35 PM +00:00
Windows Backups
We will review backup strategies, techniques and other practices that make system and data recovery a reliable and viable option when data loss occurs. Superb backup tools exist for the Windows platform. A recent SANS Institute survey indicates that several backup programs are in wide use. Veritas’ (formerly Seagate’s) BackupExec and Computer Associates’ ARCServe programs were the most popular products in this survey. Legato’s Networker is also represented and is a good tool for managing backups in a combined Windows/Unix network....
8/29/2018 4:40:35 PM +00:00
TCP/IP Reference Materials
Referenced Links • Ethernet vendor codes: www.cavebear.com/CaveBear/Ethernet/vendor.html • Port assignments, IP protocols, general reference: ftp.isi.edu/in-notes/iana/assignments Recommended Reading • TCP/IP Illustrated, Volume 1 The Protocols – W. Richard Stevens • Internetworking with TCP/IP Volume 1 – Douglas Comer • Internet Core Protocols – Eric A. Hall
8/29/2018 4:40:35 PM +00:00
IP Behavior - Part 1
On slide “tcpdump”, we see that tcpdump is a program that will read traffic on the network. By default, it will collect and print, in a standard format, all the traffic passing on the network. There are command line options for tcpdump that will alter the default behavior, either by collecting specified records, printing in a more verbose mode (-v), printing in hexadecimal (-x) or writing records as “raw packets” to a file (-w) instead of printing as standard output.
8/29/2018 4:40:35 PM +00:00
IP Routing
Tham khảo bài thuyết trình 'ip routing', công nghệ thông tin, an ninh - bảo mật phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả
8/29/2018 4:40:35 PM +00:00
Information Security: The Big Picture – Part I
Hello, and welcome to Information Security: The Big Picture. My name is Stephen Fried, and over the course of the next six hours I will be guiding you on a tour of the world of information security. This course provides an introduction into the area of computer and network security. As more and more people and companies connect to the Internet, the incidence of hacker attacks, break-ins, and vandalism continues to increase.
8/29/2018 4:40:34 PM +00:00
Information Security: The Big Picture – Part 3
The Internet Protocol (IP) is the protocol by which information is sent from one computer to another on the Internet. Each computer on the Internet has at least one address that uniquely identifies it from all other computers on the Internet. When you send or receive data (for example, an e-mail note or a web page), the message gets divided into little chunks called packets.
8/29/2018 4:40:34 PM +00:00
Information Security: The Big Picture – Part IV
You hear a lot of talk about firewalls in relation to network security. The name “firewall” comes from the building industry and it denotes a wall constructed to stop (or at least slow) the spread of fire from one space to another. In network security, a firewall serves the same purpose. But instead of being built from bricks or steel it is built with computers and routers. But the concept is still the same. A network firewall is designed to protect what’s “inside” the firewall from what may be “outside.” Most often, you will hear firewalls used in reference to Internet protection, and most...
8/29/2018 4:40:34 PM +00:00
Information Security: The Big Picture – Part V
The World Wide Web has become the de facto communications medium for the Internet. Millions of people use it every day to get information, communicate with coworkers, buy and sell goods, entertain themselves, and keep up to date with current events. However, most of these people have very little knowledge about how the web actually works. On this slide we will give you a brief introduction to the web and tell you everything you always wanted to know about the web but were afraid to ask. All in less than three minutes....
8/29/2018 4:40:34 PM +00:00
Windows 2000
As we begin to focus on Windows 2000 for the rest of this section, the three primary differences from Windows NT are: Active Directory, Group Policy, and templates. We will first introduce the Active Directory. Years ago, a standards organization called the CCITT (now International Telecommunication Union, or ITU) created a recommendation for a standard for a world wide directory service that was ratified by the International Organization for Standards (ISO).
8/29/2018 4:40:34 PM +00:00
Securing and Auditing Unix
Welcome to Unix and Linux, security for these operating systems is a complete paradigm shift from Windows. Unix has been around a lot longer. The source code for Linux is freely available, so would be attackers are free to examine it and test it for holes such as buffer overflows and deadlock conditions.
8/29/2018 4:40:34 PM +00:00
Windows Backups - Security Essentials The SANS Institute
We will review backup strategies, techniques, and other practices that make system and data recovery a reliable and viable option when data loss occurs. Superb backup tools exist for the Windows platform. A recent SANS Institute survey indicates that several backup programs are in wide use. Veritas’ (formerly Seagate’s) BackupExec and Computer Associates’ ArcServe programs were the most popular products in this survey. Legato’s Networker is also represented and is a good tool for managing backups in a combined Windows/Unix network....
8/29/2018 4:40:26 PM +00:00
Windows Auditing
Greetings! This section of the course covers auditing Windows as a method of verifying that your computer systems remain secure. One of the key concepts that we have emphasized throughout this course is in order to have a secure system you must know your system. If you do not understand what is running on your system, how will you be able to secure it? In this module, we give you the information and tools you need to “know thy systems” and therefore secure them.
8/29/2018 4:40:26 PM +00:00
Internet Information Server (IIS) Security
In this section we are going to cover some of the key aspects that need to be addressed in order to have a secure web server using IIS. It is important to note that a system is only as secure as its weakest link and therefore any web server must be built on a secure and hardened Windows 2000 system. Securing Windows 2000 is not covered in this section but has been covered in a previous module. So before you install IIS make sure that you spend the time to properly harden your base operating system. Once you have a secure operating system configured, you...
8/29/2018 4:40:26 PM +00:00
Windows Security Day 5
In this module we are going to look at legacy Windows Desktops. This includes Windows 98 and Me, which are similar. The most important thing to know about Windows 98 and ME is there is no file security and there is no authentication necessary. Even if you configure the system for multiple users and have a password screen at bootup, anyone can hit “Cancel” and still get in. Access to files depends on access to the machine.
8/29/2018 4:40:26 PM +00:00
Unix for Security Professionals full
Like most operating systems in the last 40 years, Unix uses a hierarchical tree-structured file system (interestingly, tree-structure and other aspects of the Unix file system are a direct result of the original Unix developers being influenced by the Multics project they had been working on). Directories contain files and subdirectories which, may in turn, contain other files and subdirectories, and so on.
8/29/2018 4:40:26 PM +00:00
Unix for Security Professionals
Note that we are intentionally leaving out certain systems because they are too complicated to be appropriately handled in the time permitted. These services are covered in detail in courses from the SANS Unix Security curriculum: • NTP, Apache, DNS, and Sendmail are all covered in the Running Unix Applications Securely course (day four of the curriculum). • Topics in Unix Security (day three) spends half a day talking about SSH. • RPC-based applications (including NFS and NIS) and vulnerabilities are covered in more detail in the Common Unix Vulnerabilities class (day one)....
8/29/2018 4:40:26 PM +00:00
Information Security: The Big Picture – Part III
The Internet Protocol (IP) is the protocol by which information is sent from one computer to another on the Internet. Each computer on the Internet has at least one address that uniquely identifies it from all other computers on the Internet. When you send or receive data (for example, an e-mail note or a web page), the message gets divided into little chunks called packets. Each of these packets contains both the sender's Internet address and the receiver's address.
8/29/2018 4:40:26 PM +00:00
Security Essentials Day 4
Hello, welcome to Introduction to Encryption I. This is one of the most important classes we have the privilege to teach as part of the SANS’ Security Essentials course. Encryption is real, it is crucial, it is a foundation of so much that happens. I guess you know that one of the SANS mottos is, “Never teach anything in a class the student can’t use at work the next day.” One of our goals in this course is to help you be aware of how cryptography is used in our world.
8/29/2018 4:28:35 PM +00:00
The Introduction to Encryption II
This is the second of two of the most important classes we have the privilege to teach as part of the SANS Security Essentials course. In the first course, we went on a quick tour of some of the important issues and concepts in the field of cryptography. We saw that encryption is real, it is crucial, it is a foundation of so much that happens in the world around us today --and, most of it in a manner that is completely transparent to us.
8/29/2018 4:28:35 PM +00:00
Introduction to VPNs, PKI, and PGP
Hello, in this module we continue our discussion of encryption and we look at some practical applications of it. We start off by looking at VPN’s or virtual private networks and see how you can use them to create secure communications using public networks such as the Internet. We than briefly look at the problem of key management and finish our discussion with a look at PGP or Pretty Good Privacy, which is an application that allows you to encrypt files and send encrypted email.
8/29/2018 4:28:35 PM +00:00
Steganography
Now that we have taken a detailed look at cryptography, lets take a look at another related area, which is steganography or data hiding. Steganography (“stego”) is related to cryptography (“crypto”) because with both fields you do not want someone to be able to read your message, but stego does it with a slightly different approach.
8/29/2018 4:28:35 PM +00:00
Malicious Software
Picture this - the trade press is all abuzz with warnings of a new killer virus, Child of Chernobyl. Recall that Chernobyl struck on April 26, 1999. In Korea alone, it affected as many as a million computers, causing more than $250 million in damages. The boss has just come down with a magazine article in hand and has told you to drop everything.
8/29/2018 4:28:35 PM +00:00
Wireless Networking Security
Hello, in this module we are going to discuss wireless networking. Specifically, we'll take a look at how wireless technology works, how it is commonly deployed, and the security issues associated with using it. Because wireless communications can penetrate opaque objects such as buildings, the risk of someone accessing a private network increases markedly. With wireless, an attacker does not need to gain access to physical cables or jacks, but only needs to have an antenna and be within range of the transmissions....
8/29/2018 4:28:35 PM +00:00
Windows NT Security
Hello, and welcome to Windows NT Security Step-by-step, a survival guide for Windows NT security. This presentation is based on the material from the SANS Institute Windows NT Security Step-by-step Guide, which offers a consensus document by security professionals from 87 large organizations. It helps show you what you need to do to have a secure Windows NT implementation.
8/29/2018 4:28:35 PM +00:00
Windows 2000 Security
This section will build on the basic NT security knowledge you have already gained. However, you will find that every NT security function is magnified in Windows 2000, and Windows 2000 has ten times the security features available in Windows NT. If NT were a row boat, Windows 2000 is the QE2. If NT were a cottage, then Windows 2000 is a 56 room mansion. Active Directory, security templates.
8/29/2018 4:28:35 PM +00:00