NETWORK SECURITY SEARCHING & ANALYSING INFORMATION MAI Xuân Phú xuanphu150@gmail.com 1 Last lecture 2  Review o OSI model o TCP/IP o Collision domain & broadcast domain o Well-known protocols • HTTP, FTP, DNS, SMTP, POP, IMAP, TCP, UDP, IP, ARP… o Network devices  Overview of network security o Definitions o Tasks of Network Security o Attacks, services and mechanisms o Security attacks o Security services o Methods of Defense o A model for Internetwork Security Today 3  Introduction  Footprinting  Scanning  Enumeration Thanks  Some contents of this course are referenced from: o William Stallings, Cryptography and Network Security, slides by Lawrie Brown o Henric Johnson, Network Security, Blekinge Institute of Technology, Sweden o J. Wang, Computer Network Security Theory and Practice, Springer, 2009 o Security+ Guide to Network Security Fundamentals, Third Edition o Jim Kurose & Keith Ross, “Computer Networking: A Top-Down Approach”, 5 th edition, Addison Wesley, 2009 o Jean-Pierre Lips, Sécurité des Sécurité des Systèmes d'Information, Université de Nice- Sophia Antipolis o Certified Ethical Hacker (CEH), 7th Version o Renaud BIDOU, Security Training 4 Contents 5  Introduction  Footprinting  Scanning  Enumeration Information  Information as a concept has numerous meanings, from everyday usage to technical settings.  Generally speaking, the concept of information is closely related to notions of constraint, communication, control, data, form, instruction, knowledge, meaning, mental stimulus, pattern, perception, and representation. (source: wikipedia)  Where are information? 6 Business  Information to banks?  Information to enterprise?  Information to military, to government? 7 System  Information to a server?  Information to an administrator? 8 Gathering information  How to gather information?  What will we process these information? 9 Contents 10  Introduction  Footprinting (CEH v7, chapter 2)  Scanning  Enumeration [...]... 4th Edition  Mike Pastore & Emmett Dulaney, CompTIA Security+ - Study guide, 3rd edition, Wiley Publishing, 2006  Cryptography and Network Security Principles and Practices  Jie Wang, Computer Network Security - Theory and Practice, Springer  Justin Clarke & Nitesh Dhanjani, Network Security Tools, O'Reilly, April 2005  Certified Ethical Hacker, 7th version: chapter 2, 3 & 4  ISO 17799 13 Discussion... Nitesh Dhanjani, Network Security Tools, O'Reilly, April 2005  Certified Ethical Hacker, 7th version: chapter 2, 3 & 4  ISO 17799 13 Discussion  Questions?  Ideas?  Suggestions? 14 Lab 1  List all information of this university network o o o o Server IP DNS …  Work in group  Sending task to xuanphu150@gmail.com 15 . SECURITY SEARCHING & ANALYSING INFORMATION MAI Xuân Phú xuanphu150@gmail.com 1 Last lecture 2  Review o OSI model o TCP/IP o Collision domain & broadcast. wikipedia)  Where are information? 6 Business  Information to banks?  Information to enterprise?  Information to military, to government? 7 System  Information