NETWORK SECURITY
SEARCHING & ANALYSING INFORMATION
MAI Xuân Phú
1
Last lecture
2
Review
o
OSI model
o
TCP/IP
o
Collision domain & broadcast domain
o
Well-known protocols
•
HTTP, FTP, DNS, SMTP, POP, IMAP, TCP, UDP, IP, ARP…
o
Network devices
Overview of network security
o
Definitions
o
Tasks of Network Security
o
Attacks, services and mechanisms
o
Security attacks
o
Security services
o
Methods of Defense
o
A model for Internetwork Security
Today
3
Introduction
Footprinting
Scanning
Enumeration
Thanks
Some contents of this course are referenced from:
o
William Stallings, Cryptography and Network Security, slides by Lawrie Brown
o
Henric Johnson, Network Security, Blekinge Institute of Technology, Sweden
o
J. Wang, Computer Network Security Theory and Practice, Springer, 2009
o
Security+ Guide to Network Security Fundamentals, Third Edition
o
Jim Kurose & Keith Ross, “Computer Networking: A Top-Down Approach”, 5
th
edition,
Addison Wesley, 2009
o
Jean-Pierre Lips, Sécurité des Sécurité des Systèmes d'Information, Université de Nice-
Sophia Antipolis
o
Certified Ethical Hacker (CEH), 7th Version
o
Renaud BIDOU, Security Training
4
Contents
5
Introduction
Footprinting
Scanning
Enumeration
Information
Information as a concept has numerous meanings, from everyday usage to
technical settings.
Generally speaking, the concept of information is closely related to notions of constraint, communication,
control, data, form, instruction, knowledge, meaning, mental stimulus, pattern, perception, and representation.
(source: wikipedia)
Where are information?
6
Business
Information to banks?
Information to enterprise?
Information to military, to government?
7
System
Information to a server?
Information to an administrator?
8
Gathering information
How to gather information?
What will we process these information?
9
Contents
10
Introduction
Footprinting (CEH v7, chapter 2)
Scanning
Enumeration
Contents
11
Introduction
Footprinting
Scanning (CEH v7, chapter 3)
Enumeration
Contents
12
Introduction
Footprinting
Scanning
Enumeration (CEH v7, chapter 4)
References
William Stallings, Network Security Essentials, 2
nd
edition
William Stallings, Cryptography and Network Security, 4
th
Edition
Mike Pastore & Emmett Dulaney, CompTIA Security+ - Study guide, 3
rd
edition,
Wiley Publishing, 2006.
Cryptography and Network Security Principles and Practices
Jie Wang, Computer Network Security - Theory and Practice, Springer
Justin Clarke & Nitesh Dhanjani, Network Security Tools, O'Reilly, April 2005
Certified Ethical Hacker, 7
th
version: chapter 2, 3 & 4
ISO 17799
13
Discussion
Questions?
Ideas?
Suggestions?
14
Lab 1
List all information of this university network
o
Server
o
IP
o
DNS
o
…
Work in group
Sending task to
15