Internet and Network Security Introduction to Network Security.
Workshop on Network Security
-
Upload
narendran-thangarajan -
Category
Technology
-
view
2.308 -
download
0
description
Transcript of Workshop on Network Security
![Page 1: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/1.jpg)
![Page 2: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/2.jpg)
Are We Secure ?
![Page 3: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/3.jpg)
What you should know about hacking?
• The impact of hacking is much worse than we could possibly imagine..
• A single ID compromised can lead to the devastation of your reputation and even money..
![Page 4: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/4.jpg)
What if your Gmail account is hacked!!
![Page 5: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/5.jpg)
What if FaceBook??!!
![Page 6: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/6.jpg)
Agenda
• Social Engineering• ARP Poisoning – MITM• Injection attacks• Cross Site Scripting• Wireless Security• Cross Site Request Forgery• Google Hacking• Linux vs. Microsoft• The Servers FaceOff
![Page 7: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/7.jpg)
To catch a hacker, we should think like one
• What does a hacker want?
• Why does he want it?
• How he gets it?
Aaha!! Got it
![Page 8: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/8.jpg)
• Use at least eight characters, the more characters the better. (safe from Brute Force attacks)
• Don't use a word found in a dictionary. (Safe from Dictionary attacks)
• Never use the same password twice. (safe for obvious reasons)
• Use a random mixture of characters, upper and lower case, numbers, punctuation, spaces and symbols.
![Page 9: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/9.jpg)
Social Engineering is the first attack of the session
![Page 10: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/10.jpg)
• Psychologically manipulating people into performing some action and extracting confidential information, instead of breaking in or using technical cracking skills..
![Page 11: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/11.jpg)
1. Security Question
• You got 500 Facebook Friends who could answer all these questions!!
![Page 12: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/12.jpg)
2. Social Networking
• Vulnerability : Human tendency to share intimate details of human life.
• Though few sites allow us to set privacy controls on visibility, still most of our details are shared to the applications.
• So any hacker could exploit this to find information about us.
![Page 13: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/13.jpg)
• Cyber attack on Google in December 2009.
• Chinese rebels’ accounts were accessed.
• Led to Google pulling out from China.
• A combination of Social Engineering and Zero-day vulnerabilities in IE6
![Page 14: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/14.jpg)
Protecting yourself
• Be aware that such attacks exist.
![Page 15: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/15.jpg)
![Page 16: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/16.jpg)
DISCLAIMER
• Hacking is Illegal
• This workshop is for Educational Purposes Only
• Only use this stuff on your websites and your own
networks.
![Page 17: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/17.jpg)
![Page 18: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/18.jpg)
ARP Poison Routing (APR)
MAC Address
IP Address
Address Resolution Protocol
![Page 19: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/19.jpg)
ARP Poisoning
• Usually : Victim Server
• In MITM : Victim Attacker Server
• Thus the Attacker becomes the “Man in the Middle” (MITM)
• This is done using ARP poisoning.
![Page 20: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/20.jpg)
Technique - MITM
![Page 21: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/21.jpg)
Counter Measures• All Your ARP Are Belong To Us ! !
• Encryption
• SSL
• Always Look out for the SSL Lock , if you are transferring confidential data.
• Public Key Cryptography
• MD5
![Page 22: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/22.jpg)
![Page 23: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/23.jpg)
PHP - Review
• HTML can only display static content. PHP is used for processing.
• PHP is a server side scripting language.
![Page 24: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/24.jpg)
![Page 25: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/25.jpg)
• Exploiting the weakness present in the code used for validation.
• Technology review:
– PHP
![Page 26: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/26.jpg)
Injection attack
• THUS A SIMPLE TEXTBOX BECOMES A PORTAL TO THE WEBSERVER.
• VULNERABILITY : Input from the user is processed as such by the PHP script in the server.
![Page 27: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/27.jpg)
![Page 28: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/28.jpg)
1. DIRECTORY TRAVERSAL
Directory
File
![Page 29: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/29.jpg)
Traversing Directories in Windows and Linux
– cd .. Takes us to the parent directory
– cd pages Takes us into the Directory “pages” in the current directory
– cd ../etc/files Goes back to parent directory then enters “etc” directory and then into “files” directory.
![Page 30: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/30.jpg)
Website
Index.htmlChoose.php Stunner.html
Pulsar.htmlJive.html
password.txt
Pages
![Page 31: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/31.jpg)
• Apache Tomcat was vulnerable to Directory Traversal attack till version 6.0.18 (fixed July 30,2010)
• RAD platform ColdFusion was found vulnerable to DT technique (fixed August 13th , 2010)
![Page 32: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/32.jpg)
Protection mechanisms
• Allow only Possible inputs..
• For the chosen scenario, make a list of Bike names.
![Page 33: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/33.jpg)
![Page 34: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/34.jpg)
SQL Injection
![Page 35: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/35.jpg)
A little bit of SQL queries
• With SQL, we can query a database and have a result set returned
SELECT last_nameFROM users WHERE user_id= 10;
• Gives a result set like this:
last_name
rahul
![Page 36: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/36.jpg)
What is SQL Injection?
The ability to inject SQL commands into the database engine through an existing application.
![Page 37: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/37.jpg)
How does SQL Injection work?
Comments : # , --
username: ' or 1=1 #
Password: anything
Final query would look like this:
SELECT * FROM users WHERE username = ' ' or 1=1
#AND password = 'anything'
![Page 38: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/38.jpg)
SQL Injection Defense
• Input Validation• Reject "select", "insert", "update", "shutdown",
"delete", "drop", "--", “#'"
• Implement stringent "allow only good" filters
• If the input is supposed to be numeric, use a numeric variable in your script to store it.
• Magic quotes gpc is an awesome inbuilt input filter for PHP .
![Page 39: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/39.jpg)
Cookies and Sessions
• A cookie(client-side) can keep information in the user's browser until deleted. Used for Authentication, site preferences ,focusing Ads.
• Sessions (server-side) assigs each user a unique number, called session id.
• This session id is stored in a cookie and passed in the URL between pages while the user browses.
![Page 40: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/40.jpg)
![Page 41: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/41.jpg)
XSS
![Page 42: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/42.jpg)
Cross-Site Scripting (XSS)
• What is it?:
The Web Application is used to store, transport, and deliver malicious active content to an unsuspecting user.
• XSS typically results from a web application that takes user input from one user and displays it to another user (or set of users ).
![Page 43: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/43.jpg)
Ways of Launching Cross-Site Scripting Attacks
Attacker's script must be sent to the victim
o Inter-user communication within the target site (i.e., message board, etc.)
o URL provided on a third-party web site (either clicked on by victim user or automatically loaded when visiting a malicious web site)
o URL embedded in an email or newsgroup posting
![Page 44: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/44.jpg)
![Page 45: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/45.jpg)
Defending XSS• Remove from user input all characters that are meaningful in
scripting languages:
– =<>"'();
– You must do this filtering on the server side
– You cannot do this filtering using Javascript on the client, because the attacker can get around such filtering
• More generally, on the server-side, your application must filter user input to remove:
– Quotes of all kinds (', ", and `)
– Semicolons (;), Asterisks (*), Percents (%), Underscores (_)
• Your best bet – define characters that are good and needed for the particular input (alpha and numeric), and filter everything else out .
![Page 46: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/46.jpg)
![Page 47: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/47.jpg)
![Page 48: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/48.jpg)
• The ever changing network scenario..
![Page 49: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/49.jpg)
![Page 50: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/50.jpg)
What’s so special about Wireless networks?
• Use internet anywhere, anytime.
• Save a lot of money.
• No need to carry cables.
• IT IS ALWAYS THERE
![Page 51: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/51.jpg)
The major problem in wireless networks – Plain text packets
• Wireless devices broadcast information.
• Access Anywhere, at the same time ACCESS TO ANYONE!!
![Page 52: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/52.jpg)
Need for Wireless Security
![Page 53: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/53.jpg)
Evolution of Wireless Security
1. Open SSID
2. Hidden SSID
3. WEP
4. WPA
5. WPA2
![Page 54: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/54.jpg)
1. Open SSID
• The SSID (Service Set Identifier) is a name for the wireless network.
• Open SSID – SSID is broadcasted
by the access point.
• So it is visible to everyone.
• And so anyone can connect to our network.
SSIDSSID
SSID
SSID
![Page 55: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/55.jpg)
2. Hidden SSID
• First layer of security.
• The user should know the name of the SSID to connect to the internet.
• Problem : Hidden SSIDs could be
found using Packet Sniffers.
![Page 56: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/56.jpg)
![Page 57: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/57.jpg)
3. WEP – Wired Equivalent Privacy
• Both the client PC and the Access point share a common key (Shared Key).
• The shared key generates a key-stream using RC4 algorithm.
• Then the key-stream is XORed with the plain text to create the cipher text.
• The cipher text is sent to the receiver.
SharedKey
![Page 58: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/58.jpg)
Key unchanged Same key-stream every time
• If the shared key used is not changed for every frame transmitted, then the data will be XORed with the same key every time!!
• So we use an Initialization Vector (IV) which changes for every frame sent thus making the key-stream unique for every frame using RC4 algorithm.
![Page 59: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/59.jpg)
WEP Simplified
![Page 60: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/60.jpg)
WEP Vulnerability
• IV changes for each frame transmitted.
• But IV is made up of 24 bits – Therefore only 16 million combinations are possible. So surely the key-stream has to repeat after a while.
• If two cipher text frames using same key-stream are captured, then using statistical analysis the plain text can be found.
![Page 61: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/61.jpg)
• Searching for Wifi Networks in a moving vehicle.
• Once a Wifi network is found, the place is marked with necessary details to connect to that network. (WAR-CHALKING)
![Page 62: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/62.jpg)
![Page 63: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/63.jpg)
Picture showing availability of an Open SSID network with bandwidth 1.5 Mbps.
![Page 64: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/64.jpg)
Is it not CRUEL?
![Page 65: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/65.jpg)
Cracking the WEP Key
• Interested in knowing how your home wireless network is getting poached?
• Now on to a Live Demo!
![Page 66: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/66.jpg)
So came WPA – Wifi Protected Alliance
• WPA – Temporal Key Integrity Protocol– TKIP (Personal)
– EAP (Enterprise)
• WPA 2 – (Counter mode with Cipher Block Chaining Message Authentication Protocol)– CCMP (Personal)
– EAP (Enterprise)
![Page 67: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/67.jpg)
![Page 68: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/68.jpg)
CSRF
![Page 69: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/69.jpg)
CSRF (Cross Site Request Forgery)
• A malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
• XSS exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
![Page 70: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/70.jpg)
Bank Forgery
![Page 71: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/71.jpg)
Social Networks
71
soicalnetwork.com
attacker’s post(CSRF Code) at blog.net
Delete certain friends
https://social.com/deletefriends.p
hp?id=66Add a person as friend
https://social.com/addfriend.php?
id=44 Change the password
https://social.com/changepass
?new_pass=hacked
![Page 72: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/72.jpg)
CSRF Defenses
• Secret Validation Token
• Referer Validation
<input type=hidden value=23a3af01b>
Referer: http://www.facebook.com/home.php
![Page 73: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/73.jpg)
![Page 74: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/74.jpg)
![Page 75: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/75.jpg)
• The best search engine.
• Google hacking is not a exact hack. It just makes hacking easy.
• VULNERABILITY : We can googleANYTHING!!
![Page 76: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/76.jpg)
• Version of the server our website uses.
• Error messages which contain too much information.
• Logon Portals
• Files containing passwords.
![Page 77: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/77.jpg)
1. Google Caches
• Google caches pages whenever its crawler finds a new page in the internet.
• When Cached pages are viewed then the IP address of the hacker is not logged into the system.
![Page 78: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/78.jpg)
2. Download anything from internet
• “parent directory” akon mp3 –xxx –html –htm–php –shtml –opendir –md5 –md5sum
• The above command returns the directory listing of all files under ‘Akon MP3’. Rest is “Right click” “Save Link As”
![Page 79: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/79.jpg)
3. Get server information
• Google provides information about the server which runs a website.. Some times even passwords
• Moreover some error logs in the website’s can be exploited to find the actual internal implementation of a website..
![Page 80: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/80.jpg)
Secure against Google hacks
• The password file should be saved in any name other than “password.txt” “Pass.db” or any other obviously funny names.
• Exceptions should be handled properly.
![Page 81: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/81.jpg)
![Page 82: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/82.jpg)
![Page 83: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/83.jpg)
![Page 84: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/84.jpg)
• Linux has NO open ports by default. But windows has open ports for Windows File Sharing even if no files are shared.
• Windows is susceptible to NULL session attack on port 139.
• Windows gives the root user the COMPLETE power to rule the PC!!
LINUX vs. MICROSOFT
![Page 85: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/85.jpg)
And that includes me too :P
![Page 86: Workshop on Network Security](https://reader034.fdocuments.in/reader034/viewer/2022051513/547be62fb4af9faa158b4fa1/html5/thumbnails/86.jpg)
Are We Secure ?