Ethical Hacking
vijaykumar Devireddy
92 episodes
3 days ago
Ethical is something what you do and what you thought which makes you good among everyone! what if there is no one watches you in the internet world what you do is ethical be a hacker!!
Self-Improvement
Education
All content for Ethical Hacking is the property of vijaykumar Devireddy and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/92)
Ethical Hacking
What do you know about Physical Security ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 88. Today we're going to discuss about Physical security. Physical security is really important to your organization's network security. After all, if an attacker is able to touch your network, your server, or your workstations, they can take control over those devices and do whatever they want with them. While we've been talking a lot in this course about all of the logical protections you can put in place, things like firewalls and intrusion detection systems, router ACLs, passwords, encryption, and all sorts of things like that, our physical security is just as important.

Now, physical security is usually broken down into three main areas. We have the perimeter, we have the building, and then we have the room itself. So when I start talking about the perimeter, I'm talking about, as I approach your building, what is in my way? Are there fences? Are there guards? Is there some sort of vehicle access point? All of those type of things, that's our perimeter. What keeps us at bay and away from the building?

Next, we get to the building security. Is the front door unlocked? Can I walk right in? Do I have to show my ID? Do I have to check in with somebody? What are the different controls you're putting in place to secure that building?

And then finally we have the security of the room where your equipment is located. Now, if this is an office, this is going to be someplace that people actually work, and so people have to be able to get in there to access those terminals. How are you keeping unauthorized people out of those offices? And if you're dealing with a server room or a networking closet, those are places that people don't normally work inside of. And so when nobody's in there, we should be locking those using some sort of locking mechanism, whether that's a door lock, an electronic lock, or some other mechanism. Now, we'll talk about that all inside this section of the episode.



3 years ago
4 minutes 32 seconds

Ethical Hacking
Other Wireless Technologies that you wanted to know about.....

Hello everyone, welcome to the show "Ethical Hacking" episode 87. Today we are going to discuss about We just spent a lot of time talking about wireless networks, but there are other wireless networks out there besides Wi-Fi. These include things like Bluetooth, RFID, Near Field Communication, cellular, GPS, and satellite communications.

Previously, we've talked about some vulnerabilities with Bluetooth. I want to remind you of two big terms when it comes to Bluetooth. This is bluejacking and bluesnarfing. I'm covering these again because I guarantee you're going to get at least one question on test day about either bluejacking or bluesnarfing really loves to ask that for some reason. Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets. Bluesnarfing, on the other hand, is the unauthorized access of information from a wireless device through a Bluetooth connection. So, to simplify this for the I want you to remember this. Bluejacking sends information to a device where Bluesnarfing takes information from a device. If you remember those two things, you'll do great on the exam. Also, when it comes to Bluetooth, remember you don't want to allow your device to use the default PIN for its pairing operations. You should always change the PIN to something more secure than 1234 or 0000.

Next, we have Radio Frequency Identification or RFID. RFID devices have an embedded radio frequency signal that's used to transmit identifying information about the device or the token to a reader that's trying to pick it up. RFID refers to a large category of devices and technologies, but, for the exam, the specifics of RFID are not that important. Instead, you need to focus on the fact that RFID devices can send information from a card to a reader to provide authentication or identification. For example, one of the most common devices that we use RFID for is a card that looks like a credit card, and can be used as part of your alarm system or door access system. So, with these cards, you can swipe your card over the reader, and it identifies you and allows you to enter the building. Because there are so many different types of RFID devices, RFID can operate in either very close environments or very far environments. It can be as close as 10 centimeters from the reader or as high as 200 meters from the reader depending on the particular device and technology in use. Because of that large distance, RFID is subject to eavesdropping, the ability to capture, replay, and rebroadcast its radio frequency as part of a larger attack.

To minimize the ability to eavesdrop on RFID, an idea called Near Field Communication was invented. Near Field Communication or NFC allows two devices to transmit information when they're in close proximity to each other. This occurs using an automated pairing process and transmission process of that data. For example, some cellphones have the ability where you can touch the cellphones together to pass photographs back and forth. Other uses of NFC are commonplace in payment systems. For example, I have an iPhone, and I can hold it over a credit card terminal to pay with my credit card that's linked through Apple Pay. This is an example of a Near Field Communication device. Just like RFID, we do have to worry about the possibility of interception of that wireless information though because it could be replayed and rebroadcast. Now, luckily for us, NFC does require the devices to be very close for the communication to work.


3 years ago
11 minutes 53 seconds

Ethical Hacking
Wireless Attacks that you need to be aware of.

Hello everyone, welcome to the show "Ethical Hacking" episode 86. Today we are going to discuss about So we've talked about securing our wireless networks. Let's now spend a few minutes talking about the different types of attacks that focus on our wireless networks.

The first is war driving. War driving is the act of searching for wireless networks by driving around until you find them. You could try this tonight. You can go sit in the backseat of your car, have your friend or your wife drive you around the neighborhood and see which networks you can connect to. That's the idea here. They're simply going to drive around and hunt for networks. Now the attackers here are going to use different tools to do this. They can use wireless survey tools or other open source attack tools, but the common theme here is just finding out what networks are around and where you can access them from. Why would an attacker want to find open wireless networks or networks that they can get on to? It's not necessarily to attack your network, but it's to attack other networks through your network. So that way if they are doing some hacking or something like that, it traces back to your home and your home network, as opposed to tracing it back to them.

The next type of attack is called war chalking. War chalking is the act of physically drawing symbols in public places to denote the open, closed, or protected networks that are in range. It gets its name because in the early days, people would actually take chalk and draw on a telephone pole different symbols to tell other people what it is. Now an example of this might be as you're doing a war driving, you might find an open network. If you did, you could find a telephone pole nearby, you can mark it down with a symbol like this. We have two open half circles faced back to back with the SSID of it written above them and the number below to signify the bandwidth of the network. After all, attackers can be nice people too. And they like to share their findings with others and they wouldn't want somebody else wasting their time looking for a network, only to find it has low bandwidth. So by marking that down, you can help other people avoid that network. Now in addition to open networks, you may find closed networks. If you find a closed network, it's going to be a closed circle with an SSID written above it and bandwidth written below it. This tells us that network has some kind of encryption, it's closed, but we haven't quite figured out the password yet. Now if we do figure out the password, we can actually use this other symbol. We have the closed circle, we have the SSID on the top left, we have the password on the top right, and the bandwidth below it. Inside the circle we might write something like W or WEP or WPA2, so people know what type of encryption they need to connect to that network. Now as I said war chalking is not nearly as popular as it used to be. In fact we don't really see a lot of these symbols around in the city anymore. Instead, most of this is being done digitally. This is being done as part of websites or other apps that hackers use and share their finds, so people know what other kind of WiFi is out there.

The next attack we have is known as an IV attack. An IV attack occurs when an attacker observes the operation of a cipher being used with several different keys and they find this mathematical relationship between those keys to determine the clear text data. Now I know that sounds really complicated, but the good news is you don't have to do the math to do it. There's programs that do it for you. This happened with WEP because of that 24 bit initialization vector. It makes it very easy to crack WEP because there's programs that do it for us.


3 years ago
8 minutes 15 seconds

Ethical Hacking
Wireless Access point where exactly need to be placed in our organization or our home ?

Hello everyone, welcome to the show "Ethical Hacking" episode 85. Today we are going to discuss about Wireless access points. In addition to selecting the right encryption, it's also important to select the right placement and configuration of your wireless access points, in order for you to achieve a good security posture.

Most small office, home office wireless systems rely on a single point to multi-point setup. This relies on having a single access point that services all of the wireless clients. For example, on this floor plan, you can see the strongest signal is the red spot, that's centered around a single wireless access point, and all of the other office cubicles are connecting back into it. In this next example, you can see a multi-point to multi-point system. This has multiple access points that are going to be used to provide the wireless network services in an ESS, or extended service set configuration. They're all going to work together to provide one common network that's supported by these multiple access points.

Now, in both of the previous examples, the wireless access points are using an omnidirectional antenna. This means that the access point is going to radiate out its signal equally in every single direction. Now, this can be good from a coverage perspective, but it also is dangerous. You may want to control which direction the signal is actually radiated, and if you do, you can do that using a bidirectional or a unidirectional antenna. For example, in a unidirectional antenna, all of the transmission power is going to be focused at a single direction. This allows you to choose which areas receive the signals, and which ones don't. So in this example, we're using a left-side focused antenna and it only transmits out to computers on that side of the building, while the computers on the right are going to remain in an uncovered area and not get any signal.

Now, we've talked about this back in our Network Plus curriculum as well, but from an operational standpoint, we're trying to increase the coverage to all areas, when we're talking Network Plus. Now, from a security perspective, though, we may actually want to limit the area of coverage. Let's look at our heat map once more. Here you can see an extended service set configuration with two access points. Each of those access points has omnidirectional antennas. This is giving us good, adequate coverage around the office base, as you can see inside the floor plan. So our network technician for Network Plus did a good job here. Now, for this office, each cubicle also has a wired physical connection, but the access point there is just to provide the employees access while they're sitting at those conference tables in the middle, or if they're walking around using their cellphones. Now, all of this is great, and there's good coverage, meaning that it's meeting our operational needs. But, you'll also notice that orange and yellow area, which represents the medium and lower signal areas that are radiating outside the walls of the building.


3 years ago
11 minutes 18 seconds

Ethical Hacking
Wireless encryption Explore the vulnerabilities it had before you use it.

Hello everyone, welcome to the show "Ethical Hacking" episode 84. Today we are going to discuss about Wireless encryption. Another huge vulnerability in wireless networks is the encryption that you choose to use. In this lesson, we're going to do a quick review of wireless encryption types, that you learned back in your Network Plus studies. The reason for this is because encryption of your data being transmitted is going to be paramount to increasing the security of your wireless networks.

Now, most wireless encryption schemes rely on a pre-shared key. This is when the access point and the client use the same encryption key to encrypt and decrypt the data. The problem with this is scalability becomes difficult. Think about it, when a friend comes over to your house, to use your WiFi. You have to tell him your password. Now, if you have 50 friends come over, you're going to tell 50 different people your password, and now, all 50 of them know your password. And so, this is one of the first problems that we have with wireless encryption, is that if you're going to use a pre-shared key, you've got to figure out a secure way to distribute that key to everybody, and keep it secret. If all 50 people know your password, then it's probably not that secret anymore.

Now, there are three main types of encryption that are in use from wireless networks. We have WEP, WPA, and WPA2. WEP is our first one. WEP is the Wired Equivalent Privacy. This came from the original 802.11 wireless security standard, and it claimed to be as secure as a wired network. I'm going to prove this wrong to you in our demonstration later, because we're going to brute-force WEP, and break it in about three minutes. WEP was originally used with a static 40-bit pre-shared encryption key, but later it was upgraded to a 64-bit key, and, then again, to a 128-bit key. This isn't the main problem with WEP, though. The main problem is a 24-bit Initialization Vector, or IV, that it uses in establishing the connection, and it's sent in clear text. As I said, WEP is not very secure, and because of this weak Initialization Vector, we're going to be able to brute-force WEP in just a couple of minutes, using Aircrack-ng and other tools.

So, to replace WEP, they came up with WPA. WPA is the WiFi Protected Access standard. It uses a Temporal Key Integrity Protocol, or TKIP, which uses a 48-bit Initialization Vector, instead of the 24-bit Initialization Vector used by WEP. The encryption that it uses is the Rivest Cipher 4, or RC4, and it added Message Integrity Checking, or MIC. And, it uses all of this to make sure that the data is secure, and ensuring that it's not modified in transit. Overall, it's a pretty good standard, but it does have some flaws, and so version 2 was released to fix those.

WPA version 2, or WiFi Protected Access version 2 was created as part of the 802.11i standard, to provide stronger encryption and better integrity checking. The integrity checking is conducted through CCMP, which is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. And, the encryption uses AES, the Advanced Encryption Standard. AES supports a 128-bit key, or higher, and WPA2 uses either a personal mode, with pretty short keys, or an enterprise mode, with centralized authentication via a RADIUS server, or another centralized server, to handle that password distribution we were talking about.

Now, I want to pause here for a second, and before we go any further, give you a couple of quick exam tips. First, if you're asked about WiFi, and it uses the word, Open, in the question, it's usually looking for some kind of answer that says the network has no security, or no protection.


3 years ago
13 minutes 26 seconds

Ethical Hacking
How to secure Wi-Fi devices ? How to secure ?

Hello everyone, welcome to the show "Ethical Hacking" episode 83. Today we are going to discuss about Securing WiFi devices. Wireless devices are much less secure than our traditional networks because their data streams are simply flying through the air, waiting to be gobbled up by some attacker sitting out there. When we talked about wire tapping in the last lesson, we talked about having to gain access to the network physically. Well, with a wireless network that challenge is eliminated because the network is literally floating in the airways. In this lesson we're going to discuss some of the basic vulnerabilities associated with wireless networks and how you can combat them.

First, the administrative access on the wireless access point is a vulnerability. Usually these have default user names and passwords like admin, admin like we discussed before. And you have to make sure you secure them. Also, remote administration should be disabled on your wireless access points. Remote administration is something that allows you to connect over the internet and then make changes to your wireless access point. You don't need that. Instead you should turn it off and make sure that you're doing it locally inside your network only to minimize that risk.

The second vulnerability we have to think about is the service set identifier, or the SSID. Back in Network Plus you learned that the SSID is what uniquely identifies the network and it acts as the name of the wireless access point that the clients are going to use to connect to it. For example, if you came by my offices, you would see that my network is the oh so hard name to guess of vijay. Anyone who sees that might think hey that might be vijay kumar's WiFi, right? Well, that's the SSID's job. It sits there and it broadcasts out hey I'm here, I'm here, I'm vijay, I'm vijay, I'm vijay. Now, according to you should disable the broadcast. So clients have to already know the name of it prior to connecting to it. They say this is a way to slow down the bad guy from attacking your network. As an ethical hacker myself, I can tell you that it isn't really going to slow me down. If you aren't broadcasting openly, your clients are still sending the same wireless access point information and that SSID with every single communication they make. It takes me about five seconds to find out your SSID if you're not broadcasting. So by disabling it you're just making operations harder for yourself and you're not really gaining any security here. Now all of that said, if you're asked disable SSID broadcast is considered good security in the security and you should implement it. In the real world, it really doesn't matter that much.

Now the next one we're going to talk about is rogue access points. Rogue access points are another vulnerability out there. A rogue access point is an unauthorized wireless access point or wireless router that somebody connected to your network and it's going to give access to your secure network. For example, if you walk around your office and somebody decided that they didn't want to plug into that RJ45 jack all the way in the back wall over there, so they put a wireless access point so they can access it throughout the whole room. That makes operations easy for them, but that wireless access point wasn't properly configured. This is going to extend your wired network into the wireless realm, and it can introduce its own DHCP server and cause all sorts of other issues. To prevent this you should enable MAC filtering on the network, network access control and run a good IDS or IPS on your network that can detect or prevent these devices when they initially try to connect.


3 years ago
12 minutes 20 seconds

Ethical Hacking
How to secure network media ?

Hello everyone, welcome to the show "Ethical Hacking" episode 82. Today we are going to discuss about Securing network media. Network media is the cabling that makes up our network. This can be copper, fiber optic, or coaxial. And they're going to be used as a connectivity method inside of our wired networks. Now, in addition to all the cables there's other parts of the cabling plant we have to think about. All those intermediate devices like patch panels, punch-down blocks, and network jacks all make up this cabling plant that runs throughout our organization. And each part of that can be a vulnerability for us.

The first vulnerability I want to discuss is EMI. This stands for electromagnetic interference. Electromagnetic interference is a disturbance that can affect electrical circuits, devices, and cables due to radiation or electromagnetic conduction that occurs. Now, EMI is something that happens normally inside our businesses and inside our homes. EMI is caused by all sorts of things, like televisions, microwaves, cordless phones, baby monitors, motors like inside your vacuum, and other devices. Anything that is really a powered device, even handheld drills can cause electromagnetic interference. Now, to minimize EMI you need to install shielding around the source, for instance, your air conditioner lets off a lot of EMI. You could put shielding around that. Or you can shield the cable itself by choosing shielded twisted-pair. Now, STP cables, or shielded twisted-pair, have foil around either each twisted-pair in the cable or around the entire bundle of twisted-pairs to prevent emanations out of the cable or interference entering into the cable. STP gives you double benefit, it keeps things out, and it keeps things in. This is good for security and helps minimize this vulnerability.

Now, the next vulnerability we have is called radio frequency interference, or RFI. RFI is just another type of interference like EMI. Like EMI it's a disturbance that can affect your electrical circuits, your devices, and your cables. But instead of being caused by electrical waves it's caused by radio waves. Most often from AM and FM transmission towers or cellular phone towers. Now, cell towers and radio towers near your office can be a big source of RFI in your wireless networks. And when you have a significant amount of RFI this can cause network connectivity problems for your wired networks, as well as disturbing your wireless networks too. Now, this is something that you're going to have to address. And a lot of it is going to be addressed by shielding the building or getting stronger devices that can overcome the radio frequency interference that's occurring.

Another vulnerability we have is what's known as crosstalk. Crosstalk occurs when a signal is transmitted on one copper wire, and it creates an undesired effect on another copper wire. So, when we think about having two copper wires, like inside of a twisted-pair cable, if the shielding inside that protects those wires comes off, then we can actually have crossover from one wire to another. And that causes interference because of the data emanations and EMI. Crosstalk is essentially that, but in very close proximity. Now, this becomes very common with older cable network types, things like Cat3 networks, or even some early Cat5 networks. Most of our Cat5E and Cat6A networks aren't really subject to crosstalk nearly as much. Another place I see crosstalk happen a lot is if you have punch-down blocks, and you decide to use an older terminal, like the old 66 blocks that were used for phone lines, and tried to use that for networks. Networks should always use a 110 block, like you learned back in Network because it gives more spacing and prevents crosstalk from occurring.

The next thing you want to talk about here is STP cables because STP cables are really helpful to our networks. They can prevent some of that RFI, they can prevent EMI. And they can help with crosstalk.

3 years ago
21 minutes 49 seconds

Ethical Hacking
How to secure network devices ? What are network devices ?

Hello everyone, welcome to the show "Ethical Hacking" episode 81. Today we are going to discuss about Securing network devices. Network devices include things like switches, routers, firewalls, IDS, IPS, and more. Each of these different devices has its own vulnerabilities that have to be addressed. But for the security, we're going to focus on the most common vulnerabilities across all of these different devices.

The first vulnerability we're going to talk about is default accounts. These are accounts that exist on a device straight out of the box when you buy it. So for example, if you buy a small office, home office wireless access point. Like a Linksys or a D-Link, or something like that, it's going to have some accounts already established on there. It might have one like admin or administrator or user, or something of that nature. All of these default accounts are very easy to figure out and very easy to guess. And so it's important for you to actually change these names so that they're not something that an attacker can easily guess. And then all they have to do is guess your password.

Now, this applies to your organizations as well. You want to make sure that your naming schemes aren't really easy to guess. Unfortunately, though, most organizations are going to use a common naming scheme for all of their users. For example, most organizations like to use first name dot last name. So if your name was vijay kumar like me, you're vijaykumar@yourcompany.com. Or sometimes they'll do something like vkumar@yourcompany.com, where it's the first letter and the last name. Any of these make for a great, normal, easy to understand naming scheme. That makes operations very easy. But it also makes it fairly easy to guess. Because if I see that Jason.Dion@whatever.com is one email, then I can probably guess that Susan.Smith is also there. Or whoever else I'm dealing with. You want to make sure you're thinking about this and you're starting to add diversity, and making sure that those default user names are changed.

Now, the next thing you want to think about is the device user name as well. There's defaults for this too. I've seen people call them router or switch as the user names. That's not a good plan either. When you're creating a device account, you want it to be something more complex. So maybe it's rtr for router with a couple of numbers after it. Something that's not easily guessable. That's what I'm talking about here as we try to change these default accounts.

The next issue we have goes right along with default accounts, it's weak passwords. Don't leave passwords as their default. For instance, those Linksys routers we all have, they're admin for user, admin for password. That is horrible. We also don't want to use any words that are in the dictionary. Your passwords need to be long, strong and complex with at least 14 characters long, upper case, lower case, special characters and numbers. By having this mixture, it's going to increase the time it takes to brute force that password, and make it much harder for an attacker to break in to your network.

So for example, if I have the password of password, which is all lower case, I'm only using 26 different options because lower case letters are A through Z. And so if I look at that, that's considered a weak password. If I add some upper case to it, now I have 52 characters because I have upper case and lower case. So I have something like password, where the P, the S's and the D's are upper case and the other letters are lower case. If I want to make it even more secure, I can add numbers to that. And I'll change out the S's for fives and the Os for zeroes, things like that. And this is going to give us more choices, again, because we have 26 lower case, 26 upper case and 10 numbers, zero through nine. But if we want it to be the best and most secure that it possibly can be, we want to add symbols to this too. And so now we're going to get something like 70 different options.


3 years ago
15 minutes 13 seconds

Ethical Hacking
How can we secure our Networks ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 80. Today we're going to discuss about In this section of the course, we're going to talk about securing your wired and wireless networks. We're going to start out with wired network devices, things like switches and routers, and then we'll move into the cabling that helps put all these networks together. After that, we're going to start talking about wireless networks and how we can better secure them and all the different types of attacks that exist for wireless networks. We'll even go through a demonstration in this section where I'm going to show you how easy it is to break wireless encryption and we'll be able to do that in about just two or three minutes. So it's really important to understand how to secure your networks properly so attackers can't do this to you. Now finally, we're going to round out this section by covering other types of wireless technology in addition to wifi, things like RFID, near-field communications, bluetooth, satellite communication, GPS, cellular, and others. So let's get started.



3 years ago
3 minutes 28 seconds

Ethical Hacking
What is ARP ? Where it will be ? How ARP Poisoning done ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 79. Today we're going to discuss about In the last lesson, we talked about the concept of DNS poisoning. In this lesson, I want to cover the concept of ARP poisoning with you fairly quickly.

Now ARP stands for the address resolution protocol, like you learned back in Network Plus, and it's used to convert an IP address into a MAC address. If you remember back from Network Plus and our OSI model lesson, as data moves down the OSI stack, it uses IP addresses to transmit packets all over the world from router to router. But once it finds the right router, that router converts that IP address into a MAC address and passes it on to the switches inside of its own network, and that is going to help it to deliver the information using frames inside the data link layer.

Now ARP poisoning is going to exploit the way that an ethernet network works. It's going to enable an attacker to steal, modify, or redirect frames of information on the network. The concept here is that the attacker's going to associate their MAC address with the IP address of another device within the network. This way, whenever the router asks for the MAC address that's associated with that IP, they get the attacker's MAC address instead of the legitimate user's. This allows the attacker to essentially take over any session that would involve MAC addresses at the layer two of the OSI model. Also, if the attacker wanted to get really creative here, they could set up a man in the middle using this technique by taking over the MAC address first, then passing the data back and forth between the victim and the rest of the network.

To prevent ARP poisoning, you should set up good VLAN segmentation within your network, and also set up DHCP snooping to ensure that IP addresses aren't being stolen and taken over by an attacker.



3 years ago
7 minutes 51 seconds

Ethical Hacking
What is DNS ? How DNS(Domain Name Server) attacks can be performed ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 78. Today we're going to discuss DNS attacks. There are four different DNS attacks that you have to know for security. They're DNS poisoning, unauthorized zone transfers, altered hosts files, and domain name kiting.

Now, DNS poisoning occurs when the name resolution information is modified in the DNS server's cache. This modification of the data is done to redirect client computers to fraudulent or incorrect websites, usually as part of follow-on attacks. The DNS system was designed without a lot of security embedded into it originally. This open architecture assumed a level of trust with all the other servers, which I already told you is a pretty bad idea, but that has been taken advantage of by malicious attackers because trusting is a bad idea. Now, DNS poisoning usually occurs on a company's internal DNS servers instead of on public-facing DNS servers around the internet. With this type of attack, the internal client on the network has to make a request to go to a website like diontraining.com, and whenever they make that request the client first checks with their local network's primary DNS server to see if it knows the IP address for that URL. If someone has gone there recently, that IP address is already going to be stored in the local cache, but if the cache was poisoned, that user's now going to be redirected to a malicious website instead of the desired one. To counteract DNS poisoning, secure DNS, also known as DNSSEC, has been created. DNSSEC uses encrypted digital signatures when passing DNS information between servers to help protect it from poisoning. You can also prevent your DNS servers from being poisoned by ensuring that you're running the latest patches and the latest updates to make sure it's protected.

Our next type of DNS attack is called an unauthorized zone transfer. DNS servers are normally configured to provide DNS data to a zone transfer, which replicates information to other servers. With an unauthorized transfer, though, an attacker requests a copy of that zone transfer information, and if they receive it they now have a list of all of your server names and IP addresses, and this helps them plan for future attacks. Because of this, zone transfers should always be restricted between two known and trusted servers only, and you should not let other people ask for zone transfers.

The third type of DNS attack is focused on the client itself. Every computer and workstation has a file on it called the host file. The host file is a plain text file and it contains IP addresses and names. This is a reference that the operating system is going to check every time a DNS lookup is requested, prior to going to a DNS server. So if the host file has the domain name being requested, it's simply going to provide the host file version of that DNS information instead of going out to a DNS server requesting it. So for example, one day my son was not doing his school work and it was really upsetting me. Instead, I kept going up there and seeing he was watching YouTube. So, I logged into his computer and I added the URL for YouTube into his host file and I pointed that to the IP address for his school's website. Now, anytime my son typed in youtube.com, instead of getting the DNS lookup for YouTube and getting redirected to their server, he instead got the one from the host file that I maliciously put in there, and it served up the home page for his school. Now, every time he tried to watch a video he was told, hey, you got to go to school, right? I think this is pretty funny and you may think it's funny too, but he was not very happy about this change and he couldn't for the life of him figure out why YouTube wouldn't come up on his laptop.


3 years ago
12 minutes 48 seconds

Ethical Hacking
How Transitive concept is used in Internet Attacks ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 77. Today we're going to discuss transitive attacks. Transitive attacks aren't really an actual type of attack but more of a conceptual method. It gets its name from the Transitive Property we learned back in mathematics. Essentially, the Transitive Property says that if A equals B and B equals C, then by all logic, A also equals C.

Now, when it comes to security, and they talk about the idea of a transitive attack, they're really focusing on the idea of trust. If one network trusts a second network and that second network trusts a third network, then that first network really trusts the third network, and so, if an attacker can get into any one of those three networks, he can then get into the other two as well. This is based on that transitive trust. This is really important in the world of security because whoever you trust, you're also trusting everyone else that they've ever trusted. Whenever you connect your network to somebody else's network using a trust relationship, you're inherently assuming all of the risk of their security posture, or the lack of their security posture, in addition to your own security posture.

Now, often in large enterprise networks, we reuse trust relationships between different domain controllers because this helps us minimize the number of times that someone has to authenticate over and over for a resource, but, remember, whenever you sacrifice security in order to afford yourself better or quicker operations, there is a risk associated with it. So if your organization wishes to maintain a strong security posture, your systems should not assume trust but instead should question and re-question every device and network that they wish to connect to.



3 years ago
4 minutes 5 seconds

Ethical Hacking
What is Replay Attack ? How it is performed...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 76. Today we're going to discuss replay attacks. A replay attack is a network-based attack where valid data transmissions are fraudulently or maliciously re-broadcast, repeated or delayed. This works a lot like a session hijack, but it's a little bit different. With a session hijack, the attacker is trying to modify the information being sent and received in real time, but with a replay attack, we're simply trying to intercept it, analyze it and decide whether or not to let it be passed on later again. Now, for example, if I were able to capture the session that occurs when you went in to log into your bank with your username and password, I could then replay that session to the bank later on in an attempt to log in as you. That's the idea of a replay attack.

Now, to combat a replay attack, you should ensure that websites and devices are using session tokens to uniquely identify when an authentication session is occurring. Also, if you use multi-factor authentication, this can help prevent the ability of a logon session to be replayed, because it doesn't have that token that has that random data that's changed every 30 to 60 seconds if you're using something like a one-time use password as part of your multi-factor authentication.

One place where replay attacks have been used quite successfully, though, is in the world of wireless authentication. By capturing a device's handshake onto the wireless network, you can replay it later to gain access to that network yourself as if you were them. This is extremely common in the older protocols, especially Wired Equivalent Privacy, or WEP, when using a wireless network. So, you should be using the latest protocols like WPA2 to help prevent and minimize your risk.
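The session-token defence described above comes down to the server refusing any message it has already seen or that is too old. The Python sketch below is an added example, not part of the episode: each request carries a random nonce and a timestamp bound to the body by an HMAC, and the server keeps the nonces it has accepted within a 60-second window. The key, the message layout and the names `sign_request` and `ReplayGuard` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def _tag(key, nonce, ts, body):
    """HMAC over nonce, timestamp and body, so none can be changed separately."""
    msg = nonce.encode() + b"|" + str(ts).encode() + b"|" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(key, body, now=None):
    """Client side: attach a fresh random nonce and the current time."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"nonce": nonce, "ts": ts, "body": body, "tag": _tag(key, nonce, ts, body)}


class ReplayGuard:
    """Server side: accept each authentic, fresh request exactly once."""

    def __init__(self, key, window_seconds=60):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp of the request that used it

    def verify(self, message, now=None):
        now = int(time.time() if now is None else now)
        expected = _tag(self.key, message["nonce"], message["ts"], message["body"])
        # Constant-time comparison; rejects altered bodies, nonces or timestamps.
        if not hmac.compare_digest(expected, message["tag"]):
            return "bad-tag"
        # A capture replayed after the window is refused on age alone.
        if abs(now - message["ts"]) > self.window:
            return "stale"
        # Forget nonces whose requests could no longer pass the age check.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.window}
        if message["nonce"] in self.seen:
            return "replayed"
        self.seen[message["nonce"]] = message["ts"]
        return "accepted"


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    guard = ReplayGuard(key)
    request = sign_request(key, b"transfer 50 to friend", now=1000)
    print(guard.verify(request, now=1005))   # first delivery
    print(guard.verify(request, now=1010))   # identical capture sent again
    print(guard.verify(request, now=2000))   # same capture, much later
```

Because stale requests are rejected before the nonce lookup, the server only has to remember nonces for one window rather than forever.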



3 years ago
8 minutes 59 seconds

Ethical Hacking
What is Hijacking ? How it is performed in Internet world & How many types are there ...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 75. Today we're going to discuss hijacking, which is the exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server. There are eight types of session hijacking that can be performed: session theft, TCP/IP hijacking, blind hijacking, clickjacking, Man-in-the-Middle, Man-in-the-Browser, the watering hole attack and cross-site scripting attacks.

The first type of hijacking is known as session theft. With session theft, the attacker is going to guess the session ID for a web session, and that enables them to take over the already authorized and established session of that client. Each session is uniquely identified with a random string, but if the attacker can determine or guess that string they can take over the authenticated session with the server. In this example, you can see this is occurring at the session layer of the OSI model, but it can also occur at the network or transport layer too.

Now, when it does, it's called TCP/IP hijacking, because it occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access. Because TCP sessions only authenticate during the initial three-way handshake, the attacker can jump into the session at any time they want if they can guess the next number in the packet sequence. This can also be used to create a denial of service attack against the initial host; that way they can take it over and not let that person jump back into the session.

Now, the next type of hijacking is called blind hijacking, because it occurs when the attacker blindly injects data into a communication stream and won't be able to see the results, whether they're successful or not.

Clickjacking is our next type. This attack uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on something else. Basically, the hyperlink to the malicious content is hidden under some legitimate clickable content. So you think you're clicking on an image and you're actually clicking on some link that takes you elsewhere.

Now, a Man-in-the-Middle attack is probably the attack you've heard most before. This is also one that is commonly used in session hijacking. A Man-in-the-Middle attack causes data to flow through the attacker's computer, where it can then be intercepted or manipulated as it passes through. This is considered an active type of interception. So let's pretend that you've got some kind of malware on your computer and now all of your traffic is going to route through this attacker's machine. Well, if you wanted to transfer $50 from your bank account to your friend's but the attacker changes the amount and the destination of the account, you may now be sending $5000 to the attacker instead of the $50 to your friend. This is the idea of a Man-in-the-Middle. Since the attacker is sitting right in the middle of that connection, they can see and manipulate any data as it's being sent back and forth.

Now, a Man-in-the-Browser is very similar to the Man-in-the-Middle, except it's limited to your browser's web communication instead of looking at the entire communication. This can occur because you have a Trojan that's infected your vulnerable web browser and it modifies web pages or transactions that are being done within that browser. To prevent this, you should ensure you have a good anti-malware solution installed and you have the latest security updates for your web browser, because this will pretty much eliminate the Man-in-the-Browser attack.

Next you have a watering hole. A watering hole is something that we described all the way back in the beginning of this course. It occurs when malware is laced on a website that the attacker knows his potential victims are going to access.

3 years ago
8 minutes 53 seconds

Ethical Hacking
How Spoofing can be done or what is it ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 74. Today we're going to discuss spoofing. Spoofing is a category of network attacks that occur when an attacker masquerades as another person by falsifying their identity. Just like a person uses a mask to cover up their face to hide their true identity, spoofing is the electronic equivalent.

We have briefly discussed spoofing a few times already, such as in the case of the DNS amplification attack, when attempting a distributed denial of service by spoofing the IP address of the victim's server when making that request. Or we've talked about it before when we talked about phishing, where an attacker is trying to get you to click on a link in an email by falsifying their identity to trick you into clicking that link thinking that it's trusted.

Anything that identifies a user or system can be spoofed, though. For example, each network interface card has a unique MAC address that's assigned to it, but MAC spoofing allows the attacker to change their MAC address to pretend that they're using a different device. IP addresses are also commonly used to identify a system, but with IP spoofing, the attacker can use somebody else's IP address as part of their attacks.

So, how do we prevent spoofing from being effectively used against our systems? Well, the best way is to use proper authentication, preferably multi-factor. Now, when you use proper authentication, you're going to be able to identify a system or user more accurately and prevent the spoofing. If you can do this, you're going to be able to detect and stop spoofing quite easily.



3 years ago
5 minutes 33 seconds

Ethical Hacking
How to stop DDoS ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 73. Today we're going to discuss how to stop a DDoS. We talked about a denial of service attack involving the continual flooding of a victim system with requests for services that cause a system to crash and run out of memory. Now, this usually happens when you're talking about one system attacking one system. But that wasn't enough with modern computers, so we moved up to the distributed denial of service attack, where hundreds or thousands of people target a single server to take it down.

Now, in March of 2018, the website GitHub was actually hit by the largest DDoS that we've clocked to date. This is where tens of thousands of unique endpoints conducted a coordinated attack to hit that server with a spike in traffic, and the spike in traffic went up to 1.35 terabits per second. This took the website offline for all of five minutes. So you can see how these DDoSes are really hard on a server and can take them down, but not for very long if you can stop 'em. So your real question probably is, how can you survive one of these attacks? And how can you prevent it from taking down your organization's servers?

Well, we have a couple of techniques. The first one is called blackholing or sinkholing. This technique identifies attacking IP addresses and routes all of their traffic to a non-existent server through a null interface. This effectively will stop the attack. Unfortunately, the attackers can move to a new IP and restart the attack all over again, and so this is only a temporary solution.

Intrusion prevention systems can also be used to identify and respond to denial of service attacks. This can work for small scale attacks against your network, but you're not going to have enough processing power to handle a large scale attack or a big DDoS.

Now, one of the most effective methods to utilize is to have an elastic cloud infrastructure. If you've built your infrastructure so that it can scale up when demand increases, you can ride out a DDoS attack. Now, the problem with this strategy, though, is that most service providers are going to charge you based on the capacity and resources that you used, so when you scale up, you're going to get a much larger bill from that service provider than you normally were expecting. And you're not getting a return on this investment, because this traffic was all wasted. It wasn't generating any revenue for you.

So there are actually some specialized cloud providers out there that have taken on this challenge. People like Cloudflare and Akamai are designed to help you ride out these DDoS attacks. They provide web application filtering and content distribution on behalf of your organization. These service providers are focused on ensuring that you have highly robust, highly available networks that can ride out these DDoS attacks and these high bandwidth attacks. This is also going to give you additional layered defenses throughout your OSI model, and it's going to help provide you additional protections.



3 years ago
9 minutes 33 seconds

Ethical Hacking
What is a Distributed denial of service(DDoS) attack ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 72. Today we're going to discuss the distributed denial of service attack. In the last lesson we discussed the concept of a denial of service attack, and we went over all of the different types of them, but most modern systems can't be taken down by a single machine attempting a denial of service anymore, so attackers got smarter and they created a distributed denial of service, or DDoS.

Now, in a distributed denial of service attack, instead of using a single attack targeting one server, they use hundreds or even thousands of machines to launch an attack simultaneously against a single server and force it offline to create that denial of service condition. Usually these machines that conduct the attack don't even realize that they're a part of it, though. Generally these machines have become zombies or bots inside a large botnet, and then when they receive that command to attack, they all simultaneously send all their payloads against a single victim.

Now, in addition to the most basic forms of DDoS attacks, there is one specific type of DDoS attack called a DNS amplification attack that could be performed. This specialized DDoS allows an attacker to generate a high volume of packets that's intended to flood a victim's website by initiating DNS requests from a spoofed version of the target's IP address. This causes the DNS servers to respond to that request and send the response back to the server, thinking that it's valid. Because a DNS request uses very little bandwidth to send, but the response usually takes up a lot more bandwidth, this allows the attack to be amplified against the victim's server. Also, if this is happening because thousands of simultaneous requests are being made by a bunch of zombies and a botnet on behalf of your victim's server, you can easily become overwhelmed with a lot of information and eat up lots of bandwidth pretty quickly, causing that denial of service condition to occur.



3 years ago
4 minutes 17 seconds

Ethical Hacking
What is Denial of Service attack ?

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 71. Today we're going to focus on the concept of a Denial of Service attack. Now, a Denial of Service attack isn't a specific attack in and of itself, but instead is a category or type of attack that's carried out in a number of different ways. Essentially, the term Denial of Service is used to describe any attack which attempts to make a computer or service's resources unavailable, but it can also be extended to network devices, like switches and routers, as well. There are five subcategories of Denial of Service attacks: Flooding Attacks, the Ping of Death, the Teardrop, the Permanent Denial of Service attack, and the Fork Bomb.

The first category is called a Flood Attack. This is a specialized type of Denial of Service which attempts to send more packets to a single server or host than it can handle. So, in this example, we see an attacker sending 12 requests at a time to a server. Now, normally a server wouldn't be overloaded with just 12 requests, but if I could send 12 hundred or 12,000, that might allow me to flood that server and take it down. Now, under a Flood Attack we have a few different specialized varieties that you're going to come across.

The first is called a Ping Flood. This attack is going to happen when somebody attempts to flood your server by sending too many pings. Now, a ping is technically an ICMP echo request packet, but they like to call it a ping. Because a Ping Flood has become so commonplace, though, many organizations are now simply blocking echo replies, and simply having the firewall drop these requests whenever they're received. This results in the attacker simply getting a request timed out message, and the service remains online, and the Denial of Service is stopped.

Next we have a Smurf Attack. This is like a Ping Flood, but instead of trying to flood a server by sending out pings directly to it, the attacker instead tries to amplify this attack by sending a ping to a subnet broadcast address instead, using the spoofed IP of the target server. This causes all of the devices on that subnet to reply back to the victimized server with those ICMP echo replies, and it's going to eat up a lot of bandwidth and processing power. Now, you can see how this looks here, with the attacker sending the ping request with the IP of that server being spoofed into the request, and now the destination is set to the broadcast of that subnet. In this example, all three PCs in the subnet are going to reply back to that ping request thinking it's from the server, and the server gets three times the amount of ping replies than if the attacker had sent it to them directly. Now, this allows that attack to be amplified, especially if the attacker can get a large subnet, like a /16 or a /8, used in this attack.

The next kind of Flood Attack is what we call Fraggle. Fraggle is a throwback reference to the kids' show Fraggle Rock from the 1980s, which aired around the same time as the Smurf TV show. So you can guess that Fraggle and Smurf are kind of related. Well, with Fraggle, instead of using an ICMP echo reply, Fraggle uses a UDP echo instead. This traffic is directed to UDP port seven, which is the echo port for UDP, and UDP port 19, which is the character generation port. This is an older attack, and most networks don't have this vulnerability anymore, and both of these ports are usually closed, 'cause again, they're unnecessary. Notice that I didn't have them in your port memorization chart either. Now, because of this, Fraggle attacks are considered very uncommon today. That said, a UDP Flood Attack, which is a variant of Fraggle, is still heavily used these days. It works basically the same way as a Fraggle attack, but it uses different UDP ports.


3 years ago
17 minutes 2 seconds

Ethical Hacking
What are Unnecessary ports ? How to close it....

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 70. Today we're going to discuss unnecessary ports. As we've already discussed, there are a lot of ports available for use by your computers and your networks. We started out with 65,536 ports available back in our ports and protocol lesson. Then, we narrowed it down to 35 ports that you just had to memorize in the last lesson. But does that mean that all 35 of those are necessary for your computer to function? Well, the answer is no. When it comes down to it, you aren't using all of those services, at least not all of the time. Also, if you're running a server, you wouldn't want to have all 35 of those ports open either. Why? Because many of them are unnecessary.

Now, that begs the question, what makes a port unnecessary? Well, an unnecessary port is simply one that's associated with a service or a function that you don't need or is considered non-essential. For example, if you have a server whose entire function is to act as a mail relay server, all it's designed to do is send mail out, then the only thing it needs is a couple of ports open. It needs port 25 for SMTP and port 465 or 587 for SMTP over SSL and TLS. Now, every other port on that server can be shut or disabled or closed and you wouldn't care, because only those three ports are the ones you need. Remember, every open port represents an unnecessary vulnerability being left exposed if you didn't need to have that port open. So you want to close anything you're not using.

Because of this, security professionals and analysts routinely scan their servers, their routers, and their firewalls to ensure that they understand exactly what ports are open in their networks and which ones they can disable or close. For example, this is a result from one of my scans, and you can see there are three hosts that have ports 139 and 445 open in the network. Now, thinking back to our last lesson where you memorized all the ports, can you guess which services these machines might be running? Well, port 139 is used for NetBIOS and port 445 is used for SMB. This means these three machines are most likely running the Windows operating system and they have file sharing enabled over the local network. Now, if these machines don't need to have file sharing enabled over the local network, we can disable these ports and remove the possible vulnerabilities that are inherent within the Windows file-sharing system.

To close an unnecessary port, there are three methods you can use. First, you can stop the service that uses that port from the operating system's graphical user interface. To do that in Windows, simply open up the Computer Management console, select Services and Applications, and then select Services. From here, you double-click on the particular service that you want to turn off, and it's going to open up a dialog box as shown here. Now, in this example, I've stopped the Windows Update service in Windows 10 from running, which will also prevent any associated open ports from remaining open because of this service running.

The second method is to do this from the command line interface. As I showed you back in our operating system hardening lessons, you can turn off a service by using the net stop command and the name of the service. On a Linux server, you can do this by entering sudo stop and the name of the service at the command line.

Now, the third way to do this is to block the ports at your firewall, whether this is a software or hardware-based firewall, or on the server itself. Now, usually, a firewall's going to block ports by default, and it requires you to open the port when you want to install a particular service or function. Now, for example, let's say you installed the Apache web server at one point, and this opened up port 80 on your firewall.

3 years ago
10 minutes 26 seconds

Ethical Hacking
What exactly ports & protocols does in our laptops...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 69. Today we're going to discuss ports and protocols. In security, one of the most important things is to ensure that you understand what openings you have created in your systems. When it comes to computers and networks, most of these openings are going to be created by ports. Now, a port is simply a logical communication endpoint that exists on your computer or your server. For example, if you're running a web server, you're going to have port 80 open and listening for inbound requests from your potential visitors.

Now, ports are classified as either inbound or outbound ports. An inbound port is used when your computer or server is listening for a connection. Just as in my earlier example, the web server had port 80 open; that's an inbound port. It's just waiting for somebody to come along and connect to it. An outbound port, on the other hand, is opened by a computer whenever it wants to connect to a server. If my computer is attempting to make a connection to your web server over port 80, well, then my computer is going to open up a random high number port, such as port 52363, and it's going to make an outbound request to that web server.

Now, what does all this look like in the real world? Well, let's look at an example of how an inbound and outbound port are used when my laptop attempts to connect to a remote server over SSH. First, we have a server at the top of the screen, and it has a public IP address assigned to it, and it's listening on port 22, so port 22 is the inbound port awaiting new connections. And in this case, port 22 is open. At the bottom of the screen, I have my laptop that wants to make the connection. Now, my laptop has a private IP address assigned because my network is using NAT at the router, and that gives me some additional protections. So, notice at this point my laptop doesn't have any ports opened yet.

So now my laptop wants to go and establish the SSH connection. It's going to open up an outbound port on itself, which is going to be some random high number port like 51233, and it's going to send a request to the SSH server over port 22, which is the server's inbound port, destined for its IP address, in this case 46.124.63.13. Now, once a server receives this request, it has to respond to it. So, it's going to send a packet of information back to my laptop's IP on the outbound port that was opened. In this case that's port 51233, and in reality it would be the public-facing IP address of my router, but for our example, I'm going to use the private IP address of 192.168.1.45. Now that my laptop has made the request to the server and the server answered that request, we have a session established and both devices can communicate back and forth as needed. Once that session is over, the connection is going to be closed, my laptop is going to close its outbound port because it's no longer needed, and the server will keep that inbound port open so it can receive requests from the next user who wants to use it.

So now that we showed how ports work in the real world, let's talk a little bit more about the ports themselves. In addition to being called inbound and outbound ports, the ports are going to be assigned a number. Now, the number can be anywhere between 0 and 65,535, but this big range is actually divided into three smaller groups. The first group is called the Well-Known ports. This is for any ports that are between 0 and 1023. These are called Well-Known ports because they are designated by IANA, the Internet Assigned Numbers Authority, which assigns them to commonly used protocols and ports.

3 years ago
14 minutes 23 seconds
