Professional Documents
Culture Documents
Network Security VA
Network Security VA
Confidentiality
The state of being Confidentiality
secret
Integrity
ity
No unauthorized
Int
modification
bil
egr
aila
ity
Av
Avilability
Available when ever
required
AAA- Principle
Validate who the user is ?
The online banking web
site ask for a valid userid
and password before A ut h
entic
granting access in the ation
system
tion
a
o riz
What a user can do ? Au
th What user has done?
After getting access to the The bank keeps an audit
online banking web site, Accou trail of all the actions
nting
user can view account which the user performed
details of his savings during his stay with the
account only system
Basic
• Vulnerability: Weakness/Loophole in a system which allows threat.
• Threat: Take advantage of vulnerability to hack a system.
• Risk: The potential loss caused due to threat.
• TCP SCAN
• UDP SCAN
• SYN SCAN
• ACK SCAN
• FIN SCAN
• NULL SCAN
• XMAS SCAN
TCP Flags:
1 2 3 4 5 6
SYN (synchronize): ACK RST (reset): Signify the FIN (finish): Indicate PSH (push): Indicate URG (urgent): Indicate
Packets that are used (acknowledgment): connection is down or that the connection is that the incoming data that the data that the
to initiate a Packets that are used maybe the service is being torn down. Both should be passed on packet is carrying
connection. to confirm that the not accepting the the sender and directly to the should be processed
data packets have requests receiver send the FIN application instead of immediately by the
been received, also packets to gracefully getting buffered TCP stack
used to confirm the terminate the
initiation request and connection
tear down requests
TCP SCAN:
• Tcp scan will scan for TCP port like port 22,
21, 23, 445 etc and ensure for listening
port (open) through 3-way handshake
connection between the source and
destination port.
0 8 16 24 31
Decimal 192 168 21 76
Hex C0 A8 15 4C
1-126
0 2 8 16 24 31
Example: NEU
Class B 10 Network Host
129.10.*.*
128-191
0 3 8 16 24 31
Example:
Class C 110 Network Host
216.63.78.*
192-223 31
Threat Modeling
• Identifying threats.
• Mitigating threats.