Free Security Documents
Download free Security study materials
The upgrade to Windows 2000 Professional is Windows XP Professional. The upgrade to Windows
2000 Server will be Windows Server .NET. Windows 2000 and XP Professional are very similar.
They both inherit multiple security configuration tools from the Windows 2000 platform – but XP
adds some new security features as well. Any study of Windows 2000/XP Professional should keep
in mind the numerous Windows 2000 platform security features.
8/29/2018 4:28:35 PM +00:00
Hello. Welcome to Network Fundamentals. Over the next several modules we are going to look at
various aspects of networking and how computers connect over a network. Understanding the key
issues of networking is critical to being able to secure a network. The basic question comes down to
if you do not understand how a network operates, how are you going to be able to secure it? In this
module, we are going to cover some of the fundamental principles of networking that you will need
to understand in order to build a secure network....
8/29/2018 4:28:34 PM +00:00
In this module we are going to cover various aspects of IP. We are going to start by looking at one
of the most common protocol stacks: The OSI protocol stack and look at how communications is
broken down into seven core areas. We are then going to compare the seven layer OSI stack with
the TCP/IP protocol stack. Then, we are going to cover numbering systems and see how to translate
between decimal and binary.
8/29/2018 4:28:34 PM +00:00
In this module, IP Behavior, we are going to take a look at how to analyze TCP/IP information and
how one would actually go about pulling it off the wire and looking for patterns. The key point when
it comes to security is, “Knowledge is power and ignorance is deadly.” Not understanding what is
occurring on your network can be very dangerous from a security standpoint because if you do not
understand what is occurring, then how can you determine whether it is good or bad?
8/29/2018 4:28:34 PM +00:00
Hello, welcome to Routing Fundamentals. Just like it is important to understand how networks
operate in order to secure them, it is also critical to understand how routers and routing work in order
to have a secure network. What allows people from all over the world to communicate and what
allows the Internet to function is routers. Routers are responsible for determining the path and
sending traffic from source to destination.
8/29/2018 4:28:34 PM +00:00
Most of us have a problem. We are under attack. At this very moment, our internet-connected
computer systems are being subjected to a surprising number of probes, penetration attempts, and
other malicious attention.
In this talk, we will discuss the types of attacks that are being used against our computers, and how to
defend against these attacks.
8/29/2018 4:28:34 PM +00:00
Even as recently as five years ago, many computer industry experts would never have guessed how pervasive and “business critical” electronic messaging would eventually become. The degree to which some information technology professionals are surprised by the pervasive nature of today’s electronic mail systems is merely amusing to those of us that have had an e-mail address for more than 20 years.
I have been using electronic mail of one type or another since 1980 and have specialized in messaging systems since 1988, so it comes as no surprise to me the current dependency that businesses and government entities have on...
8/29/2018 4:28:33 PM +00:00
For our third session of the second part of the course, we will focus on the Windows 95 and
Windows 98 operating systems. The examples are tested on Windows 98 since 95 systems are
starting to be retired. The most important thing to know about this flavor of Windows is there is no
file security.
8/29/2018 4:28:33 PM +00:00
In our next sections together we will consider the Windows NT and Windows 2000 operating
systems. Windows NT was Microsoft’s first effort in building a production server operating system,
and they made a number of changes and improvements in Windows 2000. We are going to take a
quick look at the architecture and file system and then move into the tools that you can use to gather
clues from your operating system.
8/29/2018 4:28:33 PM +00:00
A Unix system can easily be identified by its prompts. When you first
connect to a Unix system, you should receive the login prompt, which is usually
Login: (Note, that the first character may or may not be capitalized.) On
some systems, this prompt may be ;Login: or User: (Again, the first letter
may or may not be capitalized.) This may be preceded by a short message,
8/29/2018 4:28:33 PM +00:00
If attackers are going to take advantage of vulnerabilities, it makes sense that we need to find them
before they do. System, network, and telephone vulnerability scanning tools are a powerful method
of doing this.
Let’s take a look at another Internet threat. This is the threat introduced by users who download and run utilities that
are designed to share and search for files across the Internet. Examples are the programs Napster, Gnutella, and more
recently Scour. In the next two slides we’ll examine Gnutella, its function, and the dangers it introduces....
8/29/2018 4:28:33 PM +00:00
Host-based intrusion detection could also be called host-specific intrusion detection, in that its
primary purpose is to detect suspicious activity or known attack patterns on the specific host it is
installed on.
Some host-based intrusion detection systems (HIDS) have a number of host detectors reporting to a
central management console that can flag alerts, centralize logs, and update the host detectors’
policies. Other HIDS are stand-alone.
8/29/2018 4:28:33 PM +00:00
Welcome. As we begin day 2, or the second major set of courses in Security Essentials, the focus
will be on defense in depth. This is a term that was coined by the Department of Defense and is a
crucially important concept in information assurance. The topics that we are going to cover are shown below.
8/29/2018 4:28:33 PM +00:00
In our next section we are going to introduce network-based intrusion detection. The detect engine
in this case is either a firewall, a personal firewall, or an intrusion detection system. All of these
work quite well.
We will begin with a single attack, just to see how one might work and how we might detect it. Then
we will explore the range of tools and show you how you can get in the game with a very low
investment, possibly even free.
8/29/2018 4:28:33 PM +00:00
I never cease to be amazed by the fact that you can’t take a class
in Information Security without being told to do this or that in
accordance with “your security policy”, but nobody ever
explains what the policy is, let alone how to write or
evaluate it.
8/29/2018 4:28:33 PM +00:00
Welcome, let’s take a minute and revisit what we have learned so far. We started out with an
example attack and then focused on one tool that would have given a lot of bang for the buck, a
firewall. If you reflect back carefully on the firewalls and ways to avoid firewalls then you realize
we introduced the concepts of threats and countermeasures. We covered the history of the threat as
far back as 1995 to the most recent type of attacks.
8/29/2018 4:28:33 PM +00:00
I never cease to be amazed by the fact that you can’t take a class in Information Security without
being told to do this or that in accordance with “your security policy”, but nobody ever explains
what the policy is let alone how to write or evaluate it.
That is why we undertook this research and education project into basic security policy. We
hope you will find this module useful and that you will participate in its evolution. Consensus is
a powerful tool. We need the ideas and criticisms from the information security community in
order to make this The Roadmap for usable, effective policy....
8/29/2018 4:28:33 PM +00:00
Now that we know the tools and the primary concepts, this part of the course is designed to help you
pull everything together. This section is especially important if you need to present security
proposals to management. Your next slide, titled Risk Management – Where do I Start presents the
roadmap we showed you almost at the beginning of the course. We will bet you have a much clearer
idea of how to analyze risks and establish a security infrastructure at this point. Let’s go take a look
at the roadmap!...
8/29/2018 4:28:33 PM +00:00
This module will address password security. Although user names and passwords are a familiar
technology, most people are not aware of the inherent weaknesses in many of the different password-based
authentication schemes in use today. These weaknesses are important to understand since many
networks would be compromised if passwords on just a few key machines (such as firewalls, DNS
servers, or Windows domain controllers) were known to an attacker.
8/29/2018 4:28:33 PM +00:00
Hello. The material we are going to cover this next hour is central to understanding the theory and
practice of information security. This is a foundational course, developed for the SANS Security
Essentials program. When you complete this course there will be a quiz available from the SANS
web page to help reinforce the material and ensure your mastery of it.
8/29/2018 4:28:33 PM +00:00
Warfare can be broadly defined as the waging of armed conflict against an enemy. In this
module we will consider what warfare means in the context of today's information systems and
networks. We will see that the fundamental principles of warfare known for thousands of years are
still relevant on today's new battleground.
8/29/2018 4:28:33 PM +00:00
Hello. With everything that is occurring on the Internet and all of the articles that have been written,
web security is a very exciting area. Most attacks that are publicized are either directly or indirectly
web-based attacks. Every company and person seems to have a web site, yet most web sites are not designed or built properly from a security standpoint.
8/29/2018 4:28:33 PM +00:00
Some hackers destroy people's files or entire hard drives; they're called
crackers or vandals. Some novice hackers don't bother learning the
technology, but simply download hacker tools to break into computer
systems; they're called script kiddies. More experienced hackers with
programming skills develop hacker programs and post them to the Web
and to bulletin board systems. And then there are individuals who have no
interest in the technology, but use the computer merely as a tool to aid
them in stealing money, goods, or services.
Despite the media-created myth of Kevin Mitnick, I am not a malicious
hacker.
But I'm getting ahead of myself....
8/29/2018 4:28:32 PM +00:00
This handbook provides assistance in securing computer-based resources (including hardware,
software, and information) by explaining important concepts, cost considerations, and
interrelationships of security controls. It illustrates the benefits of security controls, the major
techniques or approaches for each control, and important related considerations.
8/29/2018 4:28:31 PM +00:00
This book has been a great project to work on. I’d like to thank
the people at Sybex who helped put this book together: Julie Sakaue
and Emily Wolman for their wonderful editorial work, Shannon Murphy
for cracking the scheduling whip and helping keep us all organized,
Judy Fung and Jangshi Wang for making sure all the pages fit, and
Heather O’Connor and Neil Edde for their guidance throughout.
8/29/2018 4:28:31 PM +00:00
A firewall is a piece of software or hardware that filters all network traffic
between your computer, home network, or company network and the
Internet. It is our position that everyone who uses the Internet needs some
kind of firewall protection. This chapter tells you what a firewall does and
sets down the basic questions that you should ask as you are evaluating
specific firewalls.
8/29/2018 4:28:30 PM +00:00
The Little Black Book of Computer Viruses has seen five good years in print. In those five years it has opened a door to seriously ask the question whether it is better to make technical information about computer viruses known or not.
When I wrote it, it was largely an experiment. I had no idea what would happen. Would people take the viruses it contained and rewrite them to make all kinds of horrifically destructive viruses? Or
would they by and large be used responsibly?
8/29/2018 4:28:29 PM +00:00
The way we customize our things says a lot about who we are.
Today, everywhere we look, we are surrounded by a convergence
of media – videogames, advertisements, and television. We are told
what to believe, how to think, and how to act. We are told what’s
cool and what’s not, what we should buy, what we should wear, and
what music we should listen to.
Hardware hacking has never been about what the mainstream
media thinks. It’s about creativity, education, experimentation, personalization,
and just having fun. This book is no different....
8/29/2018 4:28:29 PM +00:00
Our magazine is more than just eighty printed pages
enclosed in a colourful cover. Just take a look at our
website, forum, online store, hakin9.live... All this
just for you, our valued readers.
Our primary goal is to help you expand your knowledge.
And we are constantly trying to find new ways to reach this
goal. There is probably no need to mention that in both the
current and future issues of the hakin9 magazine you will
find valuable articles showing you secrets of IT security. But
there is more to it....
8/29/2018 4:28:28 PM +00:00
Preface
Security has been a human concern since the dawn of time. With the rise of the digital society, information security has rapidly grown to an area of serious study and ongoing research. While much research has focused on the technical aspects of
computer security, far less attention has been given to the management issues of information risk and the economic concerns facing firms and nations.
8/29/2018 4:28:28 PM +00:00