"Internet Security - Weaknesses and Targets" is based on "Internet- & WWW-Technologies" and gives a detailed introduction on problems concerning Internet and Intranet security. After starting with some remarks on risk analysis and computer crimes, security weaknesses and targets are discussed in detail. Beside others the following topics are discussed in detail: human factor and technical failures, attacks on accounts and passwords, attacks on Internet protocol, misuse of design and programming errors, weaknesses in common operating systems, targets in the WWW, and viruses. The lecture course concludes with a discussion about the possibilities to detect attacks and intrusions and also describes ethical issuses.
| Internet Security - an Overview | 01:26:24 | |
|---|---|---|
| Risks when using Internet-based Info-Systems | 00:04:38 | |
| Systematic Problem in Internet Security | 00:05:48 | |
| Internet is an easy Target | 00:13:45 | |
| Improved Opportunities for Intrusion | 00:05:54 | |
| Direction of Internet Security | 00:03:58 | |
| Complexity of Internet | 00:06:36 | |
| Cyber Crimes and Damage | 00:12:02 | |
| General Risks of Interconnected IT-Systems | 00:06:16 | |
| Basic Risks by using Internet | 00:08:22 | |
| Course Content | 00:05:28 | |
| Nowaday's Internet | 00:13:37 |
| First Understanding of Internet and WWW | 01:19:26 | |
|---|---|---|
| Who-is-Who | 00:04:32 | |
| Internet Standards | 00:03:49 | |
| History of Internet and WWW | 00:09:38 | |
| WWW - Browser and WWW-Server | 00:08:06 | |
| WWW | 00:15:14 | |
| Internet Services and Applications | 00:04:42 | |
| Internets and Internet Protocols | 00:25:27 | |
| Computer Networks | 00:04:32 | |
| Introduction | 00:03:26 |
| Risk Analysis | 01:14:32 | |
|---|---|---|
| Introduction | 00:06:01 | |
| Risks in Internetworking IT-Systems | 00:13:41 | |
| Risk Definition | 00:02:07 | |
| Phases of Risk Analysis | 00:11:32 | |
| Evaluation of Risks | 00:25:04 | |
| Basic Risks of Internet | 00:16:07 |
| Cyber Crime: Criminals and Motives | 00:30:07 | |
|---|---|---|
| Potential Attackers | 00:30:07 |
| Hackers and Viruses | 00:47:14 | |
|---|---|---|
| First Hackers | 00:12:37 | |
| Underground Mailboxes | 00:02:03 | |
| Viruses, Worms, Trojan Horses | 00:11:43 | |
| Short History of Cyber Crime | 00:19:27 | |
| Financial Losses by Cyber Crime | 00:01:24 |
| Human Factor and Technical Failures | 00:44:25 | |
|---|---|---|
| Technical Failure | 00:11:02 | |
| Defective Design | 00:07:30 | |
| Lack of Knowledge and Carelessness | 00:09:29 | |
| Social Hacking | 00:04:33 | |
| Defective Organization | 00:03:27 | |
| Unprotected Hardware | 00:01:44 | |
| Most Typical Break-in Methods | 00:06:40 |
| (Online) Reconnaissance | 00:30:21 | |
|---|---|---|
| Introduction | 00:04:50 | |
| Passive Recon | 00:09:55 | |
| Web Recon | 00:11:01 | |
| Active Recon | 00:04:35 |
| OS Fingerprinting | 00:35:21 | |
|---|---|---|
| Introduction | 00:02:15 | |
| Telnet Session Negotiation/Banners | 00:05:49 | |
| TCP Stack Fingerprinting | 00:12:48 | |
| Passive Fingerprinting | 00:05:06 | |
| Fuzzy OS Fingerprinting | 00:05:35 | |
| TCP/IP Timeout Detection | 00:03:48 |
| Attacks on Accounts and Passwords | 00:50:42 | |
|---|---|---|
| Introduction | 00:07:42 | |
| Password Guessing | 00:04:54 | |
| Password Cracking | 00:23:22 | |
| Password Sniffering | 00:02:42 | |
| Password Monitoring | 00:01:38 | |
| Phishing - "Password Fishing" | 00:05:47 | |
| Protection Aganist Password Theft | 00:04:37 |
| Weaknesses of Internet Protocols I | 01:28:00 | |
|---|---|---|
| Introduction | 00:13:58 | |
| Attack Scenarios | 00:03:42 | |
| IP Address Spoofing | 00:06:18 | |
| ICMP Attacks | 00:23:53 | |
| Internet-Routing-Attack | 00:12:20 | |
| ARP - Attacks | 00:07:26 | |
| IP - Fragmentation Attacks | 00:11:33 | |
| IP - Bombing | 00:08:50 |
| Weaknesses of Internet Protocols II | 01:19:28 | |
|---|---|---|
| Introduction | 00:08:42 | |
| Attack Scenarios | 00:02:31 | |
| SYN - Flooding | 00:08:20 | |
| TCP - Sequence Number Attack | 00:16:20 | |
| Cancel/Hijack TCP-Connection | 00:07:29 | |
| UDP Attacks | 00:02:58 | |
| DNS Attacks | 00:07:10 | |
| SMTP Attacks | 00:04:37 | |
| Telnet Attacks | 00:04:16 | |
| FTP Attacks | 00:05:40 | |
| Weaknesses of VoIP Protocol | 00:11:25 |
| Misuse of Design and Programming Error | 00:37:12 | |
|---|---|---|
| Introduction | 00:02:22 | |
| Buffer Overflow | 00:19:09 | |
| Defective Syntax Check | 00:09:20 | |
| Race Conditions | 00:06:21 |
| Weaknesses of Unix/Linux | 01:24:46 | |
|---|---|---|
| Security Architecture of Unix | 00:10:39 | |
| Attacks at Boot-Time | 00:02:50 | |
| Password Attacks in Unix | 00:07:57 | |
| Abuse of Symbolic Links | 00:04:40 | |
| Breaking Out of Runtime Environments | 00:03:52 | |
| Network Attacks in Unix | 00:25:46 | |
| Stragies to Protect Unix-Systems | 00:29:02 |
| Weaknesses in Windows | 01:22:30 | |
|---|---|---|
| Introduction | 00:07:39 | |
| SMB Relay Attack | 00:06:29 | |
| RPC Attack | 00:04:53 | |
| UPnP Attack | 00:11:36 | |
| Remote Desktop Attacks | 00:06:26 | |
| MS Windows Server | 00:03:21 | |
| Kerberos Authentication Attacks | 00:02:57 | |
| Kerberos Authentication Review | 00:07:59 | |
| Cross-Domain Network Resources | 00:04:23 | |
| Weakness in Kerberos Protocol | 00:07:22 | |
| Defeating Buffer Overflow Prevention | 00:05:50 | |
| Mac OS X Weaknesses | 00:13:35 |
| Weaknesses of the World Wide Web I | 01:01:30 | |
|---|---|---|
| Introduction | 00:03:12 | |
| Target Web-Browser | 00:01:19 | |
| Spying Out Personal Data | 00:13:24 | |
| Java | 00:21:13 | |
| JavaScript | 00:13:30 | |
| ActiveX | 00:03:28 | |
| Protective Measure for Web-Browsers | 00:05:24 |
| Weaknesses in World Wide Web II | 01:13:11 | |
|---|---|---|
| Introduction | 00:04:35 | |
| Break into Web-Servers | 00:01:50 | |
| CGI-Attacks | 00:04:22 | |
| URL-Attacks | 00:05:40 | |
| SQL-Injection | 00:11:58 | |
| Cross-Site Scripting | 00:12:34 | |
| Current Challenges of SOA Security | 00:05:38 | |
| WS-Security | 00:12:52 | |
| Current Challenges of Web 2.0 Security | 00:13:42 |
| Wireless Security | 01:23:57 | |
|---|---|---|
| Introduction | 00:04:46 | |
| IEEE 802.11 Wireless LAN - WLAN | 00:17:21 | |
| WLAN Parameters | 00:04:08 | |
| WLAN Security Mechanisms | 00:07:43 | |
| WLAN Security Weaknesses | 00:11:00 | |
| WLAN Security with IEEE 802.1x | 00:05:20 | |
| Extended WLAN Security | 00:14:32 | |
| WLAN Security in Practice | 00:05:21 | |
| Cellular Phone Technologies | 00:05:48 | |
| Secure Connections with Mobile Devices | 00:02:56 | |
| Weaknesses of GSM Technologies | 00:02:05 | |
| Summary | 00:02:57 |
| Detection of Attacks and Intrusions | 01:08:11 | |
|---|---|---|
| Introduction | 00:07:57 | |
| Audit Log Reduction | 00:02:47 | |
| Anomalies and Attack Signatures | 00:01:58 | |
| Anomalies | 00:05:20 | |
| Detecting Anomalies | 00:11:09 | |
| Attack Signatures | 00:06:15 | |
| Implementation of IDS | 00:01:48 | |
| Network-based IDS | 00:05:24 | |
| Host-based IDS | 00:04:54 | |
| Implementation of Intrusion Dection System | 00:03:29 | |
| Reactions on Attacks | 00:04:59 | |
| Intrusion Response | 00:03:47 | |
| Limitations of Intrusion Dection Systems | 00:08:24 |
| Legal and Ethical in Internet Security | 01:17:37 | |
|---|---|---|
| Legal Systems | 00:15:30 | |
| Example: German Criminal Law | 00:10:19 | |
| Case Studies | 00:16:55 | |
| Responsibility of IT_Managers | 00:03:28 | |
| Ethical Issues | 00:13:09 | |
| Case Studies | 00:07:16 | |
| Case of Ethics | 00:11:00 |
