NETWORK SECURITY
SEARCHING & ANALYSING
INFORMATION
MAI Xuân Phú
1
Last lecture
Review
o
o
o
o
OSI model
TCP/IP
Collision domain & broadcast domain
Well-known protocols
• HTTP, FTP, DNS, SMTP, POP, IMAP, TCP, UDP, IP, ARP…
o Network devices
Overview of network security
o
o
o
o
o
o
o
Definitions
Tasks of Network Security
Attacks, services and mechanisms
Security attacks
Security services
Methods of Defense
A model for Internetwork Security
2
Today
Introduction
Footprinting
Scanning
Enumeration
3
Thanks
Some contents of this course are referenced from:
o William Stallings, Cryptography and Network Security,
slides by Lawrie Brown
o Henric Johnson, Network Security, Blekinge Institute of
Technology, Sweden
o J. Wang, Computer Network Security Theory and Practice,
Springer, 2009
o Security+ Guide to Network Security Fundamentals, Third
Edition
o Jim Kurose & Keith Ross, “Computer Networking: A TopDown Approach”, 5th edition, Addison Wesley, 2009
o Jean-Pierre Lips, Sécurité des Sécurité des Systèmes
d'Information, Université de Nice-Sophia Antipolis
o Certified Ethical Hacker (CEH), 7th Version
o Renaud BIDOU, Security Training
4
Contents
Introduction
Footprinting
Scanning
Enumeration
5
Information
Information as a concept has numerous
meanings, from everyday usage to technical
settings.
Generally speaking, the concept of information is closely related
to notions of constraint, communication, control, data, form,
instruction, knowledge, meaning, mental stimulus, pattern,
perception, and representation. (source: wikipedia)
Where are information?
6
Business
Information to banks?
Information to enterprise?
Information to military, to government?
7
System
Information to a server?
Information to an administrator?
8
Gathering information
How to gather information?
What will we process these information?
9
Contents
Introduction
Footprinting (CEH v7, chapter 2)
Scanning
Enumeration
10
Contents
Introduction
Footprinting
Scanning (CEH v7, chapter 3)
Enumeration
11
Contents
Introduction
Footprinting
Scanning
Enumeration (CEH v7, chapter 4)
12
References
William Stallings, Network Security Essentials, 2nd
edition
William Stallings, Cryptography and Network Security,
4th Edition
Mike Pastore & Emmett Dulaney, CompTIA Security+ Study guide, 3rd edition, Wiley Publishing, 2006.
Cryptography and Network Security Principles and
Practices
Jie Wang, Computer Network Security - Theory and
Practice, Springer
Justin Clarke & Nitesh Dhanjani, Network Security Tools,
O'Reilly, April 2005
Certified Ethical Hacker, 7th version: chapter 2, 3 & 4
ISO 17799
13
Discussion
Questions?
Ideas?
Suggestions?
14
Lab 1
List all information of this university network
o
o
o
o
o
o
Servers
IPs
DNS
Topology
Sites
…
Work in group
Send task to
o Subject: “[DHTH5] – Lab 1 Submission – Group X”
o Attached file: “Lab 1 – Group X.zip”
15