DOCSLIB.ORG

Ethical Hacking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ethical Hacking ISA 330 Introduction to Proactive System Security Week #1 Ethical Hacking Philip Robbins – August 31, 2013 Information Security & Assurance Program University of Hawai'i West Oahu 1 Ethical Hacking Topics • Introductions • Syllabus Review • Fundamentals of Ethical Hacking • Class Discussion • Tools • Security Resources • Review Questions, Q&A 2 Introductions Who am I? • Information Systems Authorizing Official Representative ‐ United States Pacific Command (USPACOM) ‐ Risk Management Field ‐ Assessments to USPACOM Authorizing Official / CIO • Former Electronics & Environmental Engineer • Bachelor of Science in Electrical Engineering • Master of Science in Information Systems • Ph.D. Student in Communication & Information Sciences • Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP) 3 Syllabus Class Textbook 4 Fundamentals “A locked door keeps an honest man out.” 5 Fundamentals • Introduction to Proactive System Security What this class IS about: An introductory course in adopting a proactive (v.s. reactive) stance towards systems security. What this class IS NOT about: An offensive class in hacking. How does one better understand how to defend against system security attacks? By performing and testing against them. 6 Fundamentals • In the news: Facebook CEO personal page hacked by Palestinian white hat. Chinese suffers largest internet attack in history. Syrian Electronic Army takes down the New York Times. http://www.cnn.com/video/data/2.0/video/world/2013/08/19/worldone‐clancy‐zuckerberg‐facebook‐security‐flaw.cnn.htm 7 Fundamentals • In the news: Facebook CEO personal page hacked by Palestinian white hat. Chinese suffers largest internet attack in history. Syrian Electronic Army takes down the New York Times. http://money.cnn.com/2013/08/26/technology/china‐cyberattacks/index.html 8 Fundamentals • In the news: Facebook CEO personal page hacked by Palestinian white hat. Chinese suffers largest internet attack in history. Syrian Electronic Army takes down the New York Times. http://www.cnn.com/2013/08/30/opinion/lewis‐hackers‐nyt/index.html?iref=allsearch 9 Fundamentals • What is Hacking? Classical Definition: Seeking to understand computer systems strictly for the love of having that knowledge. BEFORE Modern Definition: Illegal access to computer or network systems. NOW 10 Fundamentals • What is a “Hacker”? 11 12 Fundamentals Who/what is a “Cracker”? Term used to describe a hacker with malicious intent. Crackers (cyber criminals) get into all kinds of mischief, including breaking or "cracking" copy protection on software programs, breaking into systems and causing harm, changing data, or stealing. 13 Fundamentals • “Hacker” v.s. “Cracker”? ‐ Today there’s no real distinction between the two terms. Hacker = Cracker However… ‐ Some hackers regard crackers as less educated. ‐ Some crackers don’t create their own work; simply steal other people's work to cause mischief, or for personal gain. 14 Fundamentals • Who are “Script kiddies”? ‐ Unskilled individuals who use scripts or programs developed by knowledgeable programmers to attack computer systems. ‐ Generally considered “posers” or “kiddies” lacking the ability to write sophisticated scripts or programs on their own. ‐ Usually seeking to gain credit or impress their friends. 15 Fundamentals What is an “Ethical Hacker”? • Oxymoron: Honest Criminal ‐ A new breed of network defenders. ‐ Performs the same activities a hacker does but with the owner / company’s permission. ‐ Usually contracted to perform penetration testing. 16 Fundamentals • Penetration Testing ‐ Discover vulnerabilities. ‐ Perform attack and penetration assessments. ‐ Perform discovery and scanning for open ports & services. ‐ Apply exploits to gain access and expand access as necessary. ‐ Activities involving application penetration testing and application source review. ‐ Interact with the client as required. ‐ Produce reports documenting discoveries during the engagement. ‐ Report your findings with the client at the conclusion of each engagement. v.s. • Security Testing + Participate in research and provide recommendations for improvement. + Participate in knowledge sharing. 17 Fundamentals • Why perform Penetration Tests? 18 Fundamentals • Steps for a Penetration Test Step #1: Planning Phase ‐ Scope & Strategy of the assignment is determined. ‐ Existing security policies and standards are used for defining the scope. Step #2: Discovery Phase ‐ Collect as much information as possible about the system including data in the system, user names and even passwords (fingerprinting). ‐ Scan and Probe into the ports. ‐ Check for vulnerabilities of the system. Step #3: Attack Phase ‐ Find exploits for various vulnerabilities. ‐ Obtain necessary security Privileges to exploit the system & exploit. 19 Fundamentals • Steps for a Penetration Test Step #4: Reporting Phase ‐ Report must contain detailed findings. ‐ Risks of vulnerabilities found and their impact on business ‐ Recommendations for solutions, if any (Security Testing). 20 Fundamentals • Penetration Testing Limitations ‐ Can’t find all the vulnerabilities on a system. ‐ Time for tester ‐ Budget ‐Scope ‐ Skills of testers ‐ Data loss and corruption ‐ Downtime for organization ‐ Increased costs for organization* * How could pen testing decrease costs for an organization? 21 Fundamentals • Roles & Responsibilities of the Pen‐Tester ‐ Testers should collect required information from the Organization to enable penetration tests (depending on the type of testing model). ‐ Find flaws that could allow hackers to attack a target machine. ‐ Pen Testers should think & act like real hackers (ethically). ‐Tester should be responsible for any loss in the system or information during the testing. ‐ Tester should keep data and information confidential. 22 Fundamentals • Types of Pen‐Testing Methodologies White Box Model ‐ Tester is given the company network topology, info on technology used, and permission to interview all employees (including IT personnel). Black Box Model ‐ Tester is not given any information. ‐ Management doesn’t tell staff about the pen test being conducted. ‐ Help determine if company’s security personnel are able to detect attacks. Gray Box Model ‐ Hybrid of the white and black box models. ‐ Tester may get partial information. 23 Class Discussion • Which pen‐testing category / model closely mimics that of an insider threat? • Which type of pen‐testing model is better suited for an organization on a extremely limited budget? • Which pen‐testing model is most accurate? Which can be considered to have the greatest drawback? 24 Class Discussion 25 Fundamentals • Types of Hats - White Hats (Ethical / Pen-Testers improving security) - Black Hats (Hackers / Crackers degrading security) - Grey Hats (In-between White and Black) - Red Hat (Enterprise Linux) 26 Fundamentals • What can you do Legally? What about: ‐ Port scanning? ‐ Possession of hacking tools? ‐ Photographing? ‐ ISP Acceptable Use Policy (AUP)? ‐ Installing viruses on a computer network denying users? In Hawaii, the state must prove that the person charged with committing a crime on a computer had the “intent to commit a crime.” 27 Fundamentals • Federal Laws: ‐ Computer Fraud and Abuse Act, Title 18 Crime to access classified information with authorization. ‐ Electronic Communication and Abuse Act Illegal to intercept any communication, regardless of how it was transmitted. ‐ Stored Wire and Electronic Communications and Transactional Records Act Defines unauthorized access to computers that store classified information. 28 Class Discussion • What are the advantages of using a written contract when engaged in a computer consulting job? • Why is it important that your attorney read over the contract before you sign it? • What is upper management’s role for a penetration test? 29 Class Discussion • Why do you think the government does not define a common law for computer‐related crimes, rather than allowing each state to address these issues? 30 Fundamentals • Ethical Hacking in a Nutshell ‐ Must have a good understanding of networks & computer technology. ‐ Must be able to communicate with management & IT personnel. ‐ Must have an understanding of the laws that apply to your location. ‐ Must be able to apply the necessary tools to perform your tasks. 31 Fundamentals • Professional Certifications Certified Ethical Hacker (CEH) Cisco Certified Network Associate (CCNA) Project Management Professional (PMP) Certified Information Systems Security Professional (CISSP) 32 Fundamentals • Careers 33 Fundamentals • CEH 22 Domains 34 Fundamentals • CEH: Domain #1 35 Fundamentals • CEH: Domain #2 36 Fundamentals • CEH: Domain #3 37 Fundamentals • CEH: Domain #4 38 Fundamentals • CEH: Domain #5 39 Fundamentals • CEH: Domain #6 40 Fundamentals • CEH: Domain #7 41 Fundamentals • CEH: Domain #8 42 Fundamentals • CEH: Domain #9 43 Fundamentals • CEH: Domain #10 44 Fundamentals • CEH: Domain #11 45 Fundamentals • CEH: Domain #12 46 Fundamentals • CEH: Domain #13 47 Fundamentals • CEH: Domain #14 48 Fundamentals • CEH: Domain #15 49 Fundamentals • CEH: Domain #16 50 Fundamentals • CEH: Domain #17 51 Fundamentals • CEH: Domain #18 52 Fundamentals • CEH: Domain #19 53 Fundamentals • CEH: Domain #20 54 Fundamentals • CEH: Domain #21 55 Fundamentals • CEH: Domain #22 56 Tools Backtrack 5r3 Ubuntu Linux Distribution providing a comprehensive collection of security‐related tools for digital forensics and pen testing use. http://www.backtrack‐linux.org/downloads/
Load more

Recommended publications
  • Damn Vulnerable Linux CCERT-PUBDOC-2007-04-190
    Damn Vulnerable Linux CCERT-PUBDOC-2007-04-190 Sigurnosni problemi u računalnim programima i operativnim sustavima područje je na kojem CARNet CERT kontinuirano radi. Rezultat toga rada ovaj je dokument, koji je nastao suradnjom CARNet CERT-a i LS&S-a, a za koji se nadamo se da će Vam koristiti u poboljšanju sigurnosti Vašeg sustava. CARNet CERT, www.cert.hr - nacionalno središte za sigurnost računalnih mreža i sustava. LS&S, www.lss.hr - laboratorij za sustave i signale pri Zavodu za elektroničke sustave i obradbu informacija Fakulteta elektrotehnike i računarstva Sveučilišta u Zagrebu. Ovaj dokument predstavlja vlasništvo CARNet-a (CARNet CERT-a). Namijenjen je za javnu objavu, njime se može svatko koristiti, na njega se pozivati, ali samo u originalnom obliku, bez ikakvih izmjena, uz obavezno navođenje izvora podataka. Korištenje ovog dokumenta protivno gornjim navodima, povreda je autorskih prava CARNet-a, sukladno Zakonu o autorskim pravima. Počinitelj takve aktivnosti podliježe kaznenoj odgovornosti koja je regulirana Kaznenim zakonom RH. Revizija v1.0 CCERT-PUBDOC-2007-04-190 Stranica 2 / 15 Sadržaj 1 UVOD .............................................................................................................................................. 4 2 OPĆENITO O DAMN VULNERABLE LINUX SUSTAVU .................................................................................. 5 2.1 SVRHA SUSTAVA..................................................................................................................................... 5 2.2
    [Show full text]
  • Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix
    Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian
    [Show full text]
  • Smashing the Stack in 2011 | My
    my 20% hacking, breaking things, malware, free time, etc. Home About Me Undergraduate Thesis (TRECC) Type text to search here... Home > Uncategorized > Smashing the Stack in 2011 Smashing the Stack in 2011 January 25, 2011 Recently, as part of Professor Brumley‘s Vulnerability, Defense Systems, and Malware Analysis class at Carnegie Mellon, I took another look at Aleph One (Elias Levy)’s Smashing the Stack for Fun and Profit article which had originally appeared in Phrack and on Bugtraq in November of 1996. Newcomers to exploit development are often still referred (and rightly so) to Aleph’s paper. Smashing the Stack was the first lucid tutorial on the topic of exploiting stack based buffer overflow vulnerabilities. Perhaps even more important was Smashing the Stack‘s ability to force the reader to think like an attacker. While the specifics mentioned in the paper apply only to stack based buffer overflows, the thought process that Aleph suggested to the reader is one that will yield success in any type of exploit development. (Un)fortunately for today’s would be exploit developer, much has changed since 1996, and unless Aleph’s tutorial is carried out with additional instructions or on a particularly old machine, some of the exercises presented in Smashing the Stack will no longer work. There are a number of reasons for this, some incidental, some intentional. I attempt to enumerate the intentional hurdles here and provide instruction for overcoming some of the challenges that fifteen years of exploit defense research has presented to the attacker. An effort is made to maintain the tutorial feel of Aleph’s article.
    [Show full text]
  • GNU/Linux Distro Timeline LEAF Version 10.9 Skolelinux Lindows Linspire Authors: A
    1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 Libranet Omoikane (Arma) Gibraltar GNU/Linux distro timeline LEAF Version 10.9 Skolelinux Lindows Linspire Authors: A. Lundqvist, D. Rodic - futurist.se/gldt Freespire Published under the GNU Free Documentation License MEPIS SimplyMEPIS Impi Guadalinex Clonezilla Live Edubuntu Xubuntu gNewSense Geubuntu OpenGEU Fluxbuntu Eeebuntu Aurora OS Zebuntu ZevenOS Maryan Qimo wattOS Element Jolicloud Ubuntu Netrunner Ylmf Lubuntu eBox Zentyal Ubuntu eee Easy Peasy CrunchBang gOS Kiwi Ubuntulite U-lite Linux Mint nUbuntu Kubuntu Ulteo MoLinux BlankOn Elive OS2005 Maemo Epidemic sidux PelicanHPC Inquisitor Canaima Debian Metamorphose Estrella Roja BOSS PureOS NepaLinux Tuquito Trisquel Resulinux BeatriX grml DeadCD Olive Bluewall ASLinux gnuLiNex DeMuDi Progeny Quantian DSL-N Damn Small Linux Hikarunix Damn Vulnerable Linux Danix Parsix Kanotix Auditor Security Linux Backtrack Bioknoppix Whoppix WHAX Symphony OS Knoppix Musix ParallelKnoppix Kaella Shabdix Feather KnoppMyth Aquamorph Dreamlinux Morphix ZoneCD Hiwix Hiweed Deepin Kalango Kurumin Poseidon Dizinha NeoDizinha Patinho Faminto Finnix Storm Corel Xandros Moblin MeeGo Bogus Trans-Ameritech Android Mini Monkey Tinfoil Hat Tiny Core Yggdrasil Linux Universe Midori Quirky TAMU DILINUX DOSLINUX Mamona Craftworks BluePoint Yoper MCC Interim Pardus Xdenu EnGarde Puppy Macpup SmoothWall GPL SmoothWall Express IPCop IPFire Beehive Paldo Source Mage Sorcerer Lunar eIT easyLinux GoboLinux GeeXboX Dragora
    [Show full text]
  • Cybersecurity and Forensic Challenges - a Bibliographic Review
    https://doi.org/10.2352/ISSN.2470-1173.2018.06.MOBMU-100 © 2018, Society for Imaging Science and Technology Cybersecurity and Forensic Challenges - A Bibliographic Review Reiner Creutzburg Technische Hochschule Brandenburg, Department of Informatics and Media, IT- and Media Forensics Lab,, P.O.Box 2132, D-14737 Brandenburg, Germany Email: [email protected] Abstract professional obligations on their learning processes. One can in- The aim of this paper is to give a bibliographic review of creasingly observe that colleges and universities more and more the growing number of different Cybersecurity and Forensic Chal- have to adjust to this present generation of students and respond lenges for educational and vocational training purposes. by increasing the flexibility of the courses. For this reason, on- Special attention is given to the hacking lab, which enables effec- line degree programs, or suitable combinations of classroom and tive training in cybersecurity and computer forensics in the uni- online studies (blended learning) are increasingly offered. It is versity environment and in vocational education and training. well-known that man learns about 80% of its knowledge and skills by informal learning compared to learning from formal learning. Introduction Unfortunately, often this fact is not taken into account by plan- Nowadays, small- and medium-sized enterprises (SME) ners and decision-makers from school, university and companies. have to deal more and more with the issue of IT security. Due A well-known example is the now already for 10 years success- to the ever-growing popularity of mobile devices, but also by the fully operating ”Virtuelle Fachhochschule (Virtual University)”, general acceptance of IT technology in everyday life, new secu- an association of 10 established Universities of Applied Sciences rity threats to corporate data occur every day [1-13].
    [Show full text]
  • Practical Linux Topics
    Binnie BOOKS FOR PROFESSIONALS BY PROFESSIONALS® THE EXPERT’S VOICE® IN LINUX Practical Linux Topics Practical Practical Linux Topics This book teaches you how to improve your hands-on knowledge of Linux using challenging, real-world scenarios. Each chapter explores a topic that has been chosen specifically to demonstrate how to enhance your base Linux system, and resolve important issues. This book enables sysadmins, DevOps engineers, developers, and other technical professionals to make full use of Linux’s rocksteady foundation. Practical Linux Explore specific topics in networking, e-mail, filesystems, encryption, system monitoring, security, servers, and more—including systemd and GPG. Understand salient security concerns and how to mitigate them. Applicable to almost all Linux flavors—Debian, Red Hat, Ubuntu, Linux Mint, CentOS—Power Linux Topics can be used to reference other Unix-type systems Topics with little modification. Improve your practical know-how and background knowledge on servers and workstations alike, increase your ability to troubleshoot and ultimately solve the daily challenges encountered — by all professional Linux users. Empower your Linux skills by adding Power Linux Topics to your library today. Chris Binnie US . ISBN 978-1-4842-1771-9 Shelve in: 54999 Linux/General User level: Intermediate–Advanced 9781484 217719 SOURCE CODE ONLINE www.apress.com Practical Linux Topics Chris Binnie Practical Linux Topics Copyright © 2016 by Chris Binnie This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
    [Show full text]
  • January 2012 Slides .Pdf Format
    12 For 12 12 Things to Know/Try for a Better 2012 by Aaron Grothe Security+/CISSP/NSA IAM/NSA IEM Introduction 12 for 12? Goal is to provide a quick example of some tools/sites that you might not be aware of. Each one of them meets the following criteria: I found them cool/neat/useful :- ) Hopefully you will too Links are at the end of the talk Slides are already posted at the NEbraskaCERT website http://www.nebraskacert.org/csf Introduction (Continued) If you have questions/comments please feel free to ask them anytime. You don't have to hold them until the end of the talk. If there are other resources similar to these that you think might be useful to people please let the group know. Hopefully this will be an interactive and productive session. Security LiveCDs/USB Sticks Go back quite a ways - everybody seems to be doing a remaster of Ubuntu these days Couple of the better ones ● CAINE - One I'm mostly using right now ● OpenDiag - Simple/Easy great for resetting NT passwords ● Katana - Bunch of Tools in one package ● Backtrack - one of the standards ● BartsPE - Windows XP live cd maker Webgoat Quite simply if you want to learn about web application security here is where to start ● Provides a simple Tomcat environment that is setup insecurely ● Provides a set of lessons to get you started ○ Learn about messing around with Input parameters ○ Learn about SQL injections ● Used together with WebScarab (a web proxy), you can learn a lot about how to test security for websites ● This is horribly insecure.
    [Show full text]
  • Debian GNU/Linux Since 1995
    Michael Meskes The Best Linux Distribution credativ 2017 www.credativ.com Michael • Free Software since 1993 • Linux since 1994 Meskes • Debian GNU/Linux since 1995 • PostgreSQL since 1998 credativ 2017 www.credativ.com Michael Meskes credativ 2017 www.credativ.com Michael • 1992 – 1996 Ph.D. • 1996 – 1998 Project Manager Meskes • 1998 – 2000 Branch Manager • Since 2000 President credativ 2017 www.credativ.com • Over 60 employees on staff FOSS • Europe, North America, Asia Specialists • Open Source Software Support and Services • Support: break/fix, advanced administration, Complete monitoring Stack • Consulting: selection, migration, implementation, Supported integration, upgrade, performance, high availability, virtualization All Major • Development: enhancement, bug-fix, integration, Open Source backport, packaging Projects ● Operating, Hosting, Training credativ 2017 www.credativ.com The Beginning © Venusianer@German Wikipedia credativ 2017 www.credativ.com The Beginning 2nd Try ©Gisle Hannemyr ©linuxmag.com credativ 2017 www.credativ.com Nothing is stronger than an idea whose Going time has come. Back On résiste à l'invasion des armées; on ne résiste pas à l'invasion des idées. In One withstands the invasion of armies; one does not withstand the invasion of ideas. Victor Hugo Time credativ 2017 www.credativ.com The Beginning ©Ilya Schurov Fellow Linuxers, This is just to announce the imminent completion of a brand-new Linux release, which I’m calling the Debian 3rd Try Linux Release. [. ] Ian A Murdock, 16/08/1993 comp.os.linux.development credativ 2017 www.credativ.com 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 Libranet Omoikane (Arma) Quantian GNU/Linux Distribution Timeline DSL-N Version 12.10-w/Android Damn Small Linux Hikarunix Damn Vulnerable Linux A.
    [Show full text]
  • M.Tech. Cyber Security Systems and Networks
    M.TECH. CYBER SECURITY SYSTEMS AND NETWORKS Amrita Center for Cyber Security Systems and Networks This M.Tech programme aims to train the students in the cyber security discipline through a well designed combination of courseware and it s application on real-world scenarios. The programme has a strong emphasis on foundational course such mathematics for security application, advanced algorithms, networks etc., in addition to diverse subject core areas such as cryptography, operating systems and security, cloud security, security of cyber physical systems etc. Students will be exposed to real-world problems, open-end problems and simulated real-life scenarios with active guidance from domain experts in this field. The programme will help the students to: 1. Comprehend the various security threats and vulnerabilities of the cyber world keeping in line with industrial trends. 2. Scale up to the demand from multiple industrial sectors on the cyber world to promote effective methods, practices and tools to counter the cyber crimes. 3. To be able to architect, design and implement fool-proof product line in the field of cyber security. Ultimately this programme will yield next generation cyber security leaders who can be successfully employed in various sectors of industries, business firms, Government departments, financial bodies, educational institutions, etc, and these sectors generate huge demand for well-trained, professional people to be employed on cyber security front and they are always on the look-out for professionally trained people
    [Show full text]
  • Debian Une Distribution, Un Projet, Des Contributeurs
    https://people.debian.org/~taffit/talks/2018/ Debian Une distribution, un projet, des contributeurs David Prévot <[email protected]> Mercredi 27 mars 2018 — Lycée Aorai Quelques dates ● Fondée par Ian Murdock (16 août 1993) ● Debian 1.1 Buzz (17 juin 1996) ● Principes du logiciel libre selon Debian (DFSG) (5 juillet 1997) ● Première DebConf à Bordeaux (5 juillet 2000) https://www.debian.org/doc/manuals/project-history/ This hostname is going in dozens of remote config files. Changing a kid’s name is comparatively easy! https://xkcd.com/910/ Quelques chiffres ● Plus de 50 000 paquets binaires ● Installateur disponible en 75 langues ● 10 architectures (amd64, i386, armel, armhf…) ● Des centaines de distributions dérivées (Tails, Ubuntu, etc.) ● Des milliers de contributeurs https://www.debian.org/News/2017/20170617 Répartition des développeurs https://www.debian.org/devel/developers.loc Distributions majeures et dérivées ● Une poignées de distributions Linux à la base : Debian, Red Hat Enterprise Linux, Slackware, Gentoo, Arch Linux, Android, etc. ● De nombreuses distributions sont dérivées des précédentes : Tails, Ubuntu ou Raspbian par exemple pour Debian 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Libranet Omoikane (Arma) Quantian GNU/Linux Distributions Timeline Damn Small Linux Version 17.10 Damn Vulnerable Linux KnoppMyth © Andreas Lundqvist, Donjan Rodic, Mohammed A. Mustafa Danix © Konimex, Fabio Loli and contributors https://github.com/FabioLolix/linuxtimeline
    [Show full text]
  • Damn Vulnerable Linux
    A a p n u p d n r c iv o o e v m rs e d m it d e y l u r e r c i c in a tu g l t r ra e s in The Ultimate Vulnerable Operating System in g s! Based on the original DSL, the Damn Vulnerable Linux distribution provides with 150 MB of size an ultimate vulnerable operating system to address the many challenges of training the development of secure software systems. Free Simple and Small, Easy to start Damn Vulnerable Linux is an official free community Damn Vulnerable Linux is kept simple and small as driven project by IITAC – International Institute for possible. With no extensive grafical requirements it is Training, Assessment, and Certification. It is based on the even runnable on a low performance machine. With a free Damn Small Linux distribution. size of about 150 MB it does even fit on an USB stick – ready to go! Free RAM of 350 MB size is required only to run Damn Vulnerable Linux in memory. Damn Vulnerable Vulnerable Linux is extremely easy to start. Using a Damn Vulnerable Linux has been designed to be as much free virtual machine such as Xen or the free VMWare vulnerable as possible. With many pre-installed Player it can be booted within seconds - independant vulnerable and exploitable applications it provides the which platform you are using as base system. Without perfect environment to train IT-Security & IT-Anti- any need to install a new operating system. And if the Security missions.
    [Show full text]
  • Security Utilizing Multiple Options by Russ Mcree – ISSA Member, Puget Sound (Seattle), USA Chapter
    toolsmith ISSA Journal | May 2009 SUMO Linux: Security utilizing multiple options By Russ McRee – ISSA member, Puget Sound (Seattle), USA Chapter Prerequisites You might enjoy giving a listen to the February 27, 2009 SecuraBit Episdode 23 Bootable DVD reader for 1.0 (2.0 will include CDR &USB re- podcast5 where they interview Marcus leases) about the pending 2.0 release. Similar Projects Using SUMO Linux SystemResueCD1 Ultimate Boot CD2 A brief overview of each distribution Hopefully you’re familiar with at least one or two of the dis- tributions included with SUMO Linux: y RSS reader fed me a bit of toolsmith nirvana a 6 few of months ago, and I’ve been looking forward • The venerable Backtrack 3 is the top-rated live distribu- to sharing it with you ever since. tion dedicated to penetration testing M 7 SUMO Linux3 is the brain child of Marcus Carey of Sun Tzu • Darik’s Boot and Nuke (dban) is an extremely useful dis- Data in Washington, D.C area. As part of his DojoSec events tribution that securely wipes the hard disks of most com- and training program, Marcus found himself, and his stu- puters dents, frustrated with needing various tools from different 8 • DVL (Damn Vulnerable Linux) is described as the most Live CD distributions. Powering down, loading a new disc, vulnerable and exploitable operating system ever! and waiting until the new one comes up; annoying and trou- • Helix 2.0 (or 2008), a distribution dedicated to computer blesome to say the least. forensics, is sadly no longer freely available, another great SUMO Linux 1.0 is the genesis of that teaching experience – reason to make use of SUMO Linux.
    [Show full text]