Hacking All in One
by istm gwu
1. Honeypot--only deals with direct attacks, not on other systems
1.1. Low interactive -- emulate systems, services
1.1.1. Port Listeners
1.2. Hi -- provide real system so complete behavior can be studied
1.2.1. Real services
2. IDS
2.1. Dorothy Denning
2.1.1. Conform to statistical predictable pattern
2.1.2. Do not include sequences and command
2.1.3. Conforms to set of specifcations
2.2. 3 Kinds -- Signature, anaomaly, Decoy -- Honeypots
2.2.1. Network device to observe and protect
2.2.2. Snort -- lightwt-- runs on Windows, Linux
2.2.2.1. Open source network -- runs on a network to observe and protect
2.2.2.2. New node
3. IS Maturity
3.1. blissful ignorance
3.2. awareness
3.3. corrective
3.4. ops excellece
4. best way Google
4.1. anti virus
4.2. disable JAVA
4.3. DIS pdfS
5. POINTS
5.1. SECURITY PROCES Not TECH
5.2. TRUST
5.3. WEAKESST LINK
5.4. TRADEOFFS
6. Methods
6.1. Network security
6.1.1. physical access server -- reboot w pirate disk, SCSI access via laptop, issue commands in traditional manner
6.2. OS- windows, LINUX
6.2.1. SNMP tricks
6.3. Web component -- cold fusion
6.4. Applicatiion security
6.5. Humans -- social eng
6.6. How
6.6.1. Unsophisticated -- Run scripts that test security, ID problem areas
6.6.2. Sophisticated -- Recon, work but not too fast. Tedious