9 September 2011
Information Security, MIS 6391
Problems with laptops:
- Convenient but very dangerous as far as security of personal and business information.
Privileges on a guest account
- guest accounts have limited access but do have access to some software
- computer can still be used
- No guest account should be on your computer
- Administrator or root – a hacker can do anything if he escalates his privileges; this is the access a hacker wants (“escalate privileges”)
Passwords: guessing of common passwords
BIOS – Basic Input Output System (Power, CPU, HD) (motherboard is thinking… can I
boot?) booting process
- do I have power, CPU, and hard drive
- RTFM = read the manual
- BIOS will look for the master boot record
Master boot record (where is the OS?) (Windows XP SP3 updates): you need to
know what software it is to use the correct hacking
Operating System – the kernel runs your hardware; RAM (a blue screen is when
RAM is messed up)
Desktop will load
Network services load
- Drivers are software. Their only purpose is the hardware needs to talk to the
- Hash – is an algorithm, a calculation, a result computed from the password.
- CISO – Chief Information Security Officer
Type of Control Interface
Hacker will exploit everything
- Guessing is easier
Zero Day Exploit – the defenders do not know / a negative day is before the hacker finds it
Command Prompt can give you full level of control.
- 1st line … at the end type control userpasswords2, or boot from CD (Toshiba F12)
How do you get pw’s?
- if you have saved pw’s it is easy; they go to the HD pw bank
- saved pw (HD)…. save hash index
Notes: safe mode runs a minimum of drivers. When things go wrong with the computer,
run safe mode and run repairs. It will open an admin account with basics and large
icons. Then go to Control Panel … User Accounts (Windows 7 is more secure than XP).
Information Technology side <----------------------------------------> Users (managers)
5 kinds of computer devices:
2. Process - CPU
4. Communication – network interface card (I/O)
- Piracy – digital format that consists of bits, 1, 0; binary/base 2
- Old PCs had 4KB of RAM -> 8GB RAM
- Internet – 1999 Napster
- DRM – Digital Rights Management – intellectual property protection
1. Technological Factors?
- Encrypt – scrambling
- Decrypt - unscramble
2. Business/Economic Factors?
- MP3 has no DRM
- You can buy singles rather than the whole record – change the bundle
- Changed the price
3. Behavioral Factors?
- no technical barrier to end piracy
- it’s so easy to buy a song and it is cheap
- A path starts with a partition, which is as far down as it goes. On the partition, there is a root
folder: \root folder\...\...\
- .DLL – Dynamic Link Library – pre-written program
Internet traffic – TCP/IP – when you do your email, all your traffic is using this system
IP does addressing, and you can find your position on the network – Internet Protocol
TCP handles errors
LAN – Local Area Network
10 September 2011
- Anchor Point
Starting position for debate
Gourmet meal vs snack at grocery store/ harder critique
McDonald’s vs snack at grocery store/ softer critique
- Retaliate Counter Strike
3. Cyber Warfare
- Cyber-Criminal – 16 yr old British student hacker (Richard Clarke)
- TCP/IP – geo locate
- State actors
- Non state actors
- State targets -
5. Cyber terrorism
- Politically motivated
- Military – invasion attacks
- 1. Firewalls
- 2. Antivirus
Defend/Response – in conventional warfare by traditional means:
1. Have we been attacked?
DDoS – trying to tie up their phone lines.
Root kit – it’s invisible; you get hacked and don’t even know it. It alters system files and there
is an antivirus component.
2. Have we been damaged? - You can see the damage on attack. (Smoke from bombs)
3. Who/what was damaged? – make an assessment to see what was damaged or attacked;
system, database, etc.
4. How was attack done? / IS damage still underway?
6. WHO did it? – an IP address is only a location – MAC address – Media Access
They are never going to hack from their home live network; they use Tor – proxy – TOR
7. Data Validation – inputted data validation
Warfare is a bad idea – warfare is a bad analogy.
Richard Clarke - "actions by a nation-state to penetrate another nation's computers or
networks for the purposes of causing damage or disruption."
In computers, the hardest thing in IT is to understand IT in a thing of itself. When the
Internet was first made, people could share data. In the long run, the internet has been a
highway for stealing movies. They were not thinking of that back then.
Hackers cannot be deterred. RTFM – means read the manual.
- Hackers have a personal interest while the nation state is a political move.
- It might be possible to catch a nation’s state.
Internet Service Providers – routers (cross between networks) – switch (LAN) –
When you present, be articulate, speak directly to your audience, use body language, six
bullets per slide, legible, six words per bullet, watch the timing.
17 September 2011
IP – where on the network
- Switch – connects machines inside the LAN
- Router – takes you from one network to the other.
- ARP – Address Resolution Protocol
- NIC - MAC --- IP address
- Access point
arp -s, then the command you are going to work on
Internet address is the gateway
Physical address is the MAC address
ARP poisoning attack or redirect
- Spoof –
A hacker can hack it because they know what they are doing.
* If we know what kind of devices they have, we would already know the system that are
Ports – 80
When you get an IP address, it can be static or dynamic
tracert – traces the route
- Virus – self-replicating; writes over programs that were supposed to be there.
- Keylogger – software
- Trojan – email/webpage – “don’t click on the link”
- Worm - very dangerous because it is very fast.
- Social engineering – just calls and asks
- Logic bomb/time bomb
Black-hat – causing a crime; if you are breaking the law
Grey hat – doesn’t have permission, illegal root access, but they are not
breaking the law. They provide a service to the white hats.
White-hat – these are the good guys, doing things that are illegal, but they have
permission. Probably a consultant or in-house guy.
* Script kiddies – doesn’t really know what he is doing but he uses Firesheep
DoS attackers that use botnets, such as gangs and organized crime; reputation.
Distributed denial of service
Identity theft – data is worth dollars
- Encryption -
- System - root or administrator; you have full control
Software: Big 4
2. Firewall (SW – personal) (HW – commercial)
3. Anti-spyware – Spybot S&D
4. Anti-root kit -
******* avg – free, spybot, download.com, comodo, fireball, kaspersky
- Information – Personal Identifiers – D.L #, SS #, Credit Card #, etc. Keep them
- Groups – with privileges; this is a match between individuals and data
Security Software – virus signature
2. Network administrator
4. Information Owner – the person in the manager sense; in charge of the
accounts of money in the department.
5. Generates money ---- uses, oversees
6. Information custodians – these are the people in charge of the information;
people in IT and running databases.
7. End users -
FERPA – Family Educational Rights and Privacy Act
Training – everyone needs to be familiar with procedures
Confidentiality - authorized Access; authenticated
- Logon, password
- Dongle – USB key containing information.
- It has an authorization code and runs the software.
Characteristics of Info:
Integrity – data is complete and it’s correct.
Availability - data proc/system
What is a port – it is a pathway
IP: Port # goes to the service, and then software will look at it.
The attacks now are much faster. Now you have worms, in 90 minutes, 1 billion dollars
Stuxnet – worst virus around; attacks nuclear reactors.
1 October 2011
- Distribution public/private
Jim – VP HR Brian – CIO
- Talked to engineers talked to IT
- Apps broken Response: kill old accounts, trace VPN’s, and deploy backups
- Accessing data base
- Old accounts
- doc Cryptography: secret writing
- Crypt system: “unkeyed”
- Pgpzip VPN encrypted: assets
- Cenartech IT:
Red Zone: Public facing/guest internet
Yellow Zone: internal use only; workers; firewall/filtered
Green Zones: TOP SECRET; financial system
**** Firewalls separate the zones
Public website – demilitarize zone
Logging unusual pattern
Disaster Recovery: fail safe/fail over
Bob sends a secret message to Alice:
Bob -> Alice: What is your public key? (PKI)
Alice -> Bob: public key
Bob: the public key encrypts his message
Bob -> Alice: encrypted message
1. What is your public key?
2. Keys, public, private
3. Encrypt message then decrypts with a public key
Assets: Information Classification Factor
IBAC – Identity-Based Access Control
- Privileges are linked to the person
RBAC – Role-Based Access Control
Group 1: privileges
Group 2: privileges
Group 3: privileges
Active Directory: master database
Insider – privileges
Factors: single and multiple
- Rainbow tables
- Social engineering – get the person to tell you/charming
- Shoulder surfing – watching browser
Public Key Cryptography
- Encrypt ->scrambler
- Sign – digital certificate/hashed certificate/hash –one way algorithm
Cryptography – symmetrical codes
- Single key/shared
- Reversible algorithm
https – secure
ARP – Address Resolution Protocol: used to convert an IP address into a physical address
Spoofed website: a fraudulent website. Public/private key pair
- Wireshark – eavesdropping
- packet sniffer – software that talks to the NIC
> Key pair 2-key
> Trap door algorithm
> 1-way algorithm
> Slow complex
Public key encrypts his message and decrypts with her private key.
Bob sends a signed message to Alice:
1. Bob encrypts with his private key -> Alice receives it
   Alice: What is Bob’s public key?
2. Bob -> Alice: public key
3. Alice decrypts with the public key
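The two exchanges in the notes (Bob encrypting to Alice with her public key, and Bob signing with his private key so Alice checks it with his public key), worked through in textbook RSA as an added example that is not part of the original notes. The primes, exponent and messages are constructed toy values (61 and 53 give n = 3233), far too small for real use.

```python
from math import gcd
import hashlib

# Constructed toy parameters (not from the notes): tiny primes, illustration only.
TOY_P, TOY_Q, TOY_E = 61, 53, 17          # gives n = 3233, phi = 3120, d = 2753


def make_keypair(p, q, e=TOY_E):
    """Key pair: the public key (e, n) is shared; the private key (d, n) is kept.
    d is the trap door: easy to compute if you know p and q, hard otherwise."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                    # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(message, public_key):
    """Bob encrypts with Alice's PUBLIC key; only her private key reverses it."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Alice decrypts with her PRIVATE key."""
    d, n = private_key
    return pow(ciphertext, d, n)


def _digest_mod_n(message, n):
    """One-way step: hash the message (SHA-256) and reduce it into the RSA group."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Bob signs with his PRIVATE key: apply the private exponent to the hash."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message, signature, public_key):
    """Alice verifies with Bob's PUBLIC key: undo the private exponent and compare hashes."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(TOY_P, TOY_Q)
    c = encrypt(65, alice_pub)             # Bob -> Alice
    print(c, decrypt(c, alice_priv))       # 2790 65
```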
- Nbtstat-a, an
DNS – ip address/ URL
NIC- Network Interface Card. Address of the NIC is MAC
Fuzz a port – submitting random input to find a break
Hacker – interested in programming
- Encryption DRM – digital rights management
The word hacker comes from the phrase “I’ll hack away at it” – difficulty
Enthusiasm –enjoys and determined
Innovation – creative
Skillz – 1337, expertise, leet, elite
> Notoriety/reputation based
1. Info should be free
2. Authority must be mistrusted
3. Access should be unlimited
4. Judge by skillz
6. Computer can change your life for the better
2. Procedures CIA: Confidentiality, Integrity, Availability
2. Threats (outcome)
- Identity theft
- Data theft
- Crash system
3. Threat agent – person who gets in and steals data; worm
5. Exploits/events – use the threat agent (means)
3 states that must be protected
- Stored – tapes, hard drives, microfilm, flash drives, portable HD, external, optical,
- Transmitted –open router, any kinds of way
- NIC (Ethernet)
- Blue tooth
- Smart phone
- Root Kit – malware, contaminated software, invisible
- Security Trade off – security goes up and productivity goes down
- DOLLS – Network/System Security
- Diversity – not everything on the network should be the same
- Obscurity – don’t expose anymore than you can manage; errors
- Layering –
- Limiting – authenticate and authorization
- Simplicity –
- Math problem – number of characters raised to the length of the password
- Dictionary – 1 word or 1 name
- Shoulder surfing
- Social engineering
- Rainbow table (ophcrack)
- Cross-index hash -> password
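The keyspace math, the hash cross-index and the rainbow-table idea from the notes above, as an added Python example that is not part of the original notes; the word list, passwords and salts are constructed. It shows why a stored unsalted hash can be reversed by a precomputed lookup, and how a per-user salt with a slow, iterated hash (PBKDF2 from the standard library) makes one precomputed table useless.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed word list and credentials for this example (not from the notes).
CONSTRUCTED_WORDLIST = ["password", "123456", "letmein", "qwerty", "secret"]
PBKDF2_ITERATIONS = 100_000


def keyspace(alphabet_size: int, length: int) -> int:
    """The 'math problem' from the notes: alphabet size raised to the password length."""
    return alphabet_size ** length


def unsalted_hash(password: str) -> str:
    """Weak pattern: a one-way hash of the bare password; equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist) -> Dict[str, str]:
    """Precompute hash -> password once; this cross-index is the idea behind a rainbow table."""
    return {unsalted_hash(w): w for w in wordlist}


def reverse_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """A stored unsalted hash falls to a single dictionary lookup instead of a guessing loop."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Hardened pattern: per-user random salt plus a slow, iterated hash (PBKDF2-HMAC-SHA256).
    The salt makes every user's digest unique, so one precomputed table cannot cover them."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)
```

In real systems the salt comes from a secure random source per user and is stored next to the digest; the fixed byte strings here only keep the example deterministic.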
15 October 2011
Midterm October 22, 2011
Research project in hand by the 9th week.
October 21, 2011 Homework assignment due
******* Portfolio up to date. All the notes, terms, concepts
Hacker information – if I can touch it then I own it. Hackers work themselves up the
chain of resistance.
Rebooting with a bootable flash drive. Ubuntu is a flavor of Linux.
BIOS - Where is the OS? CD, USB – Linux, Floppy, HD
OS – Windows/Linux
Hardware Account Security Information
HxD – download, browse and input. AxCrypt – is the way of locking up a file.
What do you need to have symmetric key encryption?
Encrypt – 1 key
Decrypt – 1 key
- Assets – hardware, servers, workstations, routers (CPU, RAM, HD)
- Threats – (data theft)
- Power failure, human error, operator accident, power surge, device sabotage
- Natural – weather, earthquake, fire, operator accident,
- Device breakage, building collapse – structural failure – bomb – accident -
- Threat Agents
- Vulnerability – earthquake zone? Hurricanes – are we in a flood zone? -> Facility
issues? Batteries are used for shutdowns. A UPS lasts longer on a laptop, generators,
building characteristics -> cellar, cabinets being waterproof
In-class scenarios:
Disaster Recovery Plan
- Secure assets
- Failovers
Air Force Base
- On-board I.T.: secure perimeter or secure areas in the perimeter
- Theft – rogue: secure building or secure rooms/closets/equipment
- Infiltration (I.T.)
Hospital – NYC
- Life Support I.T.
- OT – anesthesia
- Power Loss
- Generators – KW/MW - Reliability, fuel, etc….
Hospital – RGV
- Patient Information – back ups
- Lose data/Flood
- Flash Flooding
Bank - NYC
- Accounts information
- Hurricane – Wind/Rain
- Windows Structure
Bank – RGV
- Accounts Information
- Location Structure, insulation