"Internet Security - Weaknesses and Targets" is based on "Internet- & WWW-Technologies" and gives a detailed introduction on problems concerning Internet and Intranet security. After starting with some remarks on risk analysis and computer crimes, security weaknesses and targets are discussed in detail. Beside others the following topics are discussed in detail: human factor and technical failures, attacks on accounts and passwords, attacks on Internet protocol, misuse of design and programming errors, weaknesses in common operating systems, targets in the WWW, and viruses. The lecture course concludes with a discussion about the possibilities to detect attacks and intrusions and also describes ethical issuses.
| Cyber Crime: Potential Attackers | 00:24:52 | |
|---|---|---|
| Potential Attackers | 00:03:33 | |
| Staff of the Own Enterprise | 00:06:11 | |
| Hackers from High Schools | 00:06:47 | |
| Professional Hackers | 00:05:26 | |
| Terrorists | 00:03:07 |
| Hackers and Viruses | 01:06:24 | |
|---|---|---|
| First Generation of Hackers | 00:09:46 | |
| Underground Mailboxes | 00:02:56 | |
| Viruses, Worms, Trojan Horses | 00:13:50 | |
| Short History of Cyber Crime | 00:36:26 | |
| Financial Losses by Cyber Crime | 00:04:24 |
| Risk Analysis | 01:22:29 | |
|---|---|---|
| Introduction | 00:22:01 | |
| Risk Definition | 00:14:41 | |
| Evaluation of Risks | 00:13:34 | |
| Vulnerabilities reported by CERT | 00:10:50 | |
| Difficulty of technical accomplishment | 00:07:28 | |
| Basic Risks of Internet | 00:13:55 |
| (Online) Reconnaissance | 00:34:18 | |
|---|---|---|
| Introduction | 00:04:34 | |
| Passive Recon | 00:10:07 | |
| Web Recon | 00:13:54 | |
| Active Recon | 00:06:29 |
| OS Fingerprinting | 00:34:06 | |
|---|---|---|
| Introduction | 00:03:02 | |
| Telnet Session Negotiation Banners | 00:04:51 | |
| TCP Stack Fingerprinting | 00:12:58 | |
| Passive Fingerprinting | 00:04:16 | |
| Fuzzy OS Fingerprinting | 00:07:59 | |
| TCP/IP Timeout Detection | 00:03:00 |
| Attacks on Accounts and Passwords | 00:49:59 | |
|---|---|---|
| Introduction | 00:04:50 | |
| Password Guessing | 00:10:26 | |
| Password Cracking | 00:15:43 | |
| Strong Passwords | 00:09:04 | |
| Password Sniffing | 00:03:08 | |
| Phishing - Password Fishing | 00:06:23 |
| Weaknesses of Internet Protocols (1) | 01:29:04 | |
|---|---|---|
| Introduction | 00:12:58 | |
| IP Address Spoofing | 00:06:38 | |
| ICMP-Attacks | 00:22:20 | |
| Internet-Routing-Attacks | 00:13:45 | |
| ARP-Attacks | 00:14:27 | |
| IP-Fragmentation Attacks | 00:12:41 | |
| IP-Bombing | 00:06:07 |
| Weaknesses of Internet Protocols (2) | 01:33:51 | |
|---|---|---|
| Content | 00:19:19 | |
| SYN-Flooding | 00:10:06 | |
| TCP-Sequence-Number-Attack | 00:18:23 | |
| Cancel/Hijack TCP-Connections | 00:10:00 | |
| Attacks on TLS/SSL | 00:12:30 | |
| DNS-Attacks | 00:15:31 | |
| FTP-Attacks | 00:16:02 |
| Design and Programming Errors | 00:31:40 | |
|---|---|---|
| Buffer Overflow | 00:17:56 | |
| Defective Syntax Check | 00:07:03 | |
| Race Conditions | 00:06:41 |
| Weaknesses of Unix / Linux | 01:21:40 | |
|---|---|---|
| Security Architecture of Unix | 00:16:03 | |
| SUID Abuse | 00:10:09 | |
| Network and Application Attacks in Unix | 00:20:44 | |
| DNS / BIND Vulnerabilities | 00:06:08 | |
| Strategies to protect Unix-Systems | 00:25:51 | |
| Information about Unix-Security | 00:02:45 |
| Weaknesses of Windows and Mac OS X | 01:16:30 | |
|---|---|---|
| Introduction | 00:08:29 | |
| SMB Relay Attack | 00:09:22 | |
| UPnP Attacks | 00:19:59 | |
| Kerberos Authentification Attacks | 00:11:07 | |
| Cross-Domain Network Resources | 00:10:40 | |
| Defeating Buffer Overflow Prevention | 00:06:27 | |
| Mac OS X Weaknesses | 00:10:26 |
| Weaknesses of the World Wide Web (1) - Target Web-Browser | 01:04:12 | |
|---|---|---|
| Introduction | 00:06:00 | |
| Spying out Personal Data | 00:15:00 | |
| Java | 00:19:52 | |
| Java Script | 00:10:00 | |
| ActiveX | 00:06:52 | |
| Protective Measures for Web-Browsers | 00:06:28 |
| Weaknesses of the World Wide Web (2) | 01:12:42 | |
|---|---|---|
| Introduction | 00:12:49 | |
| URL-Attacks | 00:06:32 | |
| SQL-Injection | 00:11:50 | |
| Cross-Site-Scripting | 00:12:14 | |
| Cross-Site Request Forgery | 00:08:16 | |
| WS-Security | 00:10:38 | |
| WS-Security 2 | 00:10:23 |
| Wireless Security | 01:32:30 | |
|---|---|---|
| Introduction | 00:04:12 | |
| IEEE 802.11 Wireless LAN | 00:16:55 | |
| WLAN Parameters | 00:11:25 | |
| WLAN Security Weaknesses | 00:14:06 | |
| WLAN Security with IEEE 802.1x | 00:07:26 | |
| Extended WLAN Security | 00:20:44 | |
| Cellular Phone Technologies | 00:17:42 |
| Human Factor and Technical Failures | 00:40:08 | |
|---|---|---|
| Technical Features | 00:09:05 | |
| Defective Design | 00:08:46 | |
| Lack of Knowledge and Carelessness | 00:06:47 | |
| Social Hacking | 00:09:17 | |
| Unprotected Hardware | 00:07:13 |
| Detection of Attacks and Intrusions | 01:18:30 | |
|---|---|---|
| Introduction | 00:17:55 | |
| Detect Anomalies | 00:11:19 | |
| Attack Signatures | 00:07:22 | |
| Anti-Virus Software | 00:14:47 | |
| Implementation of IDS | 00:05:20 | |
| Reactions on Attacks | 00:13:18 | |
| Limitations of IDS | 00:08:30 |
| Law and Ethics | 01:27:07 | |
|---|---|---|
| Introduction | 00:05:24 | |
| Legal Systems | 00:23:23 | |
| Case Studies | 00:21:53 | |
| Ethical Issues | 00:25:33 | |
| IEEE Code of Ethics | 00:10:54 |
| Internet Security - An Overview | 01:17:21 | |
|---|---|---|
| Start | 00:15:24 | |
| Systematic Problems in Internet Security | 00:14:33 | |
| Improved Opportunities for Intrusion | 00:13:06 | |
| Cyber Crimes and Damage | 00:14:27 | |
| General Risks of Interconnected IT-Systems | 00:15:54 | |
| General Internet Weaknesses and Targets | 00:03:57 |
