In Sammlung (en) In der gespeicherten
  1. Ingenieurwissenschaft
  2. Informatik
  3. Datenbank

Inhaltsverzeichnis

Werbung 
IT-Security
Inhaltsverzeichnis
1 IT-Security ..................................................................................................................................................5
1.1 Computer- und Netzwerksicherheit.................................................................................................. 5
1.2 Hacker, Cracker und Skriptkiddies................................................................................................... 5
1.3 Zehn Gesetze der IT-Sicherheit ....................................................................................................... 6
1.4 Phasen eines Angriffs ...................................................................................................................... 6
2 Scanning.....................................................................................................................................................7
2.1 Sniffer ............................................................................................................................................... 7
2.2 Scan-Methoden ................................................................................................................................ 7
2.2.1 TCP connect()-Scan ......................................................................................................... 7
2.2.2 TCP SYN Scan ................................................................................................................. 8
2.2.3 TCP FIN/Xmas/Null Scan ................................................................................................. 8
2.2.4 TCP Idlescan .................................................................................................................... 8
2.3 Portscanner ...................................................................................................................................... 9
2.3.1 NMap................................................................................................................................. 9
2.4 DNS-Lookup Tools ......................................................................................................................... 10
2.5 Network Tracing Tools ................................................................................................................... 11
2.6 Firewall Probing Tools.................................................................................................................... 11
2.7 Penetrationstests............................................................................................................................ 11
3 Analyse der Informationen und Auswertung von Schwachstellen ....................................................12
3.1 Herausfinden der verwendeten Betriebssysteme und -versionen ................................................. 12
3.1.1 NMap............................................................................................................................... 12
3.1.2 Nessus (UNIX) ................................................................................................................ 13
3.2 Denial-of-Service-Attacken............................................................................................................. 13
4 Man-in-The-Middle-Angriffe (MITM-Angriffe) ........................................................................................15
4.1 ARP-Spoofing, ARP Poison Routing (APR)................................................................................... 15
4.1.1 ARP Spoofing mit Cain & Abel........................................................................................ 15
4.1.2 ARP Spoofing mit WinARPSpoof ................................................................................... 26
4.2 Maßnahmen gegen Man-in-the-Middle-Attacken........................................................................... 29
5 Angriffe auf Websites..............................................................................................................................31
5.1 Cross Site Scripting (XSS) ............................................................................................................. 31
5.2 Cross Site Request Forgery (CSRF, XSRF) .................................................................................. 31
5.3 SQL Injection.................................................................................................................................. 31
5.4 LDAP Injection................................................................................................................................ 32
5.5 Phlashing – Angriffe auf Embedded Systems................................................................................ 32
6 Firewalls ...................................................................................................................................................33
6.1 Firewall-Technologien .................................................................................................................... 33
6.1.1 Paketfilter ........................................................................................................................ 33
6.1.2 Stateful Inspection .......................................................................................................... 33
6.1.3 Application Layer Firewall / Proxy Firewall ..................................................................... 34
6.2 Marktübersicht................................................................................................................................ 34
6.2.1 Firewall-Software ............................................................................................................ 34
6.2.2 Firewall-Appliances......................................................................................................... 34
7 Authentifizierung und Erhöhung der Privilegien .................................................................................36
7.1 Cracken von Kennwörtern (Brute-Force-Attacken)........................................................................ 36
7.1.1 L0phtcrack....................................................................................................................... 37
7.1.2 Shadow Security Scanner............................................................................................... 37
© Mag. Christian Zahler, Stand: Mai 2010
1
IT-Security
8 Malware.....................................................................................................................................................38
8.1 Viren ............................................................................................................................................... 38
8.1.1 Allgemeines..................................................................................................................... 38
8.2 Trojaner, Backdoors und Rootkits.................................................................................................. 40
8.2.1 Back Orifice (Backdoor) .................................................................................................. 40
8.2.2 Sub7Legends (Backdoor) ............................................................................................... 40
8.2.3 Hacker Defender............................................................................................................. 41
8.3 Sicherheitsvorkehrungen................................................................................................................ 41
9 Patch-Management, MBSA, WSUS ........................................................................................................45
10 WLAN-Security ......................................................................................................................................49
10.1 Knacken von WEP-Schlüsseln..................................................................................................... 49
10.1.1 Airsnort.......................................................................................................................... 49
10.2 WLAN-Sniffer ............................................................................................................................... 49
10.2.1 NetStumbler .................................................................................................................. 49
10.3 Gegenmaßnahmen ...................................................................................................................... 50
11 Mailhygiene und Anti-Spam-Maßnahmen ...........................................................................................51
11.1 Spam (UBE, Unsolicited Bulk E-Mail) .......................................................................................... 51
11.2 Sammeln von E-Mail-Kontoinformationen.................................................................................... 51
11.3 Anti-Spam mit Exchange Server 2010 ......................................................................................... 52
11.3.1 Installieren der AntiSpam-Agents auf einem Hub Transport Server............................. 53
11.3.2 Antispamaktualisierungen verwenden .......................................................................... 53
11.3.3 IP-Sperrlistenanbieter (Blacklists)................................................................................. 56
11.3.4 Absenderfilterung.......................................................................................................... 59
11.3.5 Absenderzuverlässigkeitsfilterung ................................................................................ 59
11.3.6 Inhaltsfilterung (Content Filter)...................................................................................... 62
11.3.7 Ausnahmen für Content Filter festlegen ....................................................................... 65
11.3.8 Anzeigen des SCL-Wertes in Outlook .......................................................................... 65
11.4 Forefront Protection 2010 für Exchange Server .......................................................................... 72
11.5 Antispam-Drittanbieterprodukte ................................................................................................... 85
12 Intrusion Detection-Systeme (IDS) ......................................................................................................87
12.1.1 Snort.............................................................................................................................. 87
12.1.2 Honeypots ..................................................................................................................... 87
13 Verschiedene Tools und Websites ......................................................................................................88
14 Quellenangaben.....................................................................................................................................90
2
© Mag. Christian Zahler, Stand: Mai 2010
Zugehörige Unterlagen
GNT Fragenliste
GNT Fragenliste
P R E S S E M I T T E I L U N G
P R E S S E M I T T E I L U N G
Software-Entwickler (m/w) - ADDI
Software-Entwickler (m/w) - ADDI
Produktinformationen..
Produktinformationen..
(JUNIOR) CONSULTANT (m/w) im IT-Security Support
(JUNIOR) CONSULTANT (m/w) im IT-Security Support
Produktblatt - Software Factory GmbH
Produktblatt - Software Factory GmbH
Continuous Integration & Application Performance Management
Continuous Integration & Application Performance Management
firewall - VisionmaxX
firewall - VisionmaxX
Anforderungen an eine sichere Website (PDF, 4 Seiten, 203 kB)
Anforderungen an eine sichere Website (PDF, 4 Seiten, 203 kB)
MES Abkürzungen Begriffe - aspin - automation
MES Abkürzungen Begriffe - aspin - automation
Offene Ports der Firewall bei Server/Client Installation
Offene Ports der Firewall bei Server/Client Installation
Gasdaten-Abrufsoftware für DSFG-Bus - mesa
Gasdaten-Abrufsoftware für DSFG-Bus - mesa
Prep-Resultmaster Grafik_2
Prep-Resultmaster Grafik_2
Systemvoraussetzungen
Systemvoraussetzungen
Firewall WAN-LAN - Paul
Firewall WAN-LAN - Paul
TCP/IP aktivieren Rufen Sie über den Windows-Start
TCP/IP aktivieren Rufen Sie über den Windows-Start
Lerninhalte LF Fach WS kaufmännisches Rechnen WS Deutsch WS
Lerninhalte LF Fach WS kaufmännisches Rechnen WS Deutsch WS
Projektliste
Projektliste
Klausur vom Sommersemester 2014 als PPTX
Klausur vom Sommersemester 2014 als PPTX
OSI-Referenzmodell
OSI-Referenzmodell
IT-Security
IT-Security
Günter Lueger Solution Management Tools
Günter Lueger Solution Management Tools
Herunterladen
Werbung