Stanford CS 155 - Lecture Notes


Network Security Testing
CS 155
Elie Bursztein

Why testing security
• Get a snapshot of the current security
• Evaluate the capacity to face intrusion
• Test backup plan

SCOPE
OSSTMM

OSSTMM 3.0 LITE – Introduction to the Open Source Security Testing Methodology Manual
3. August 2008

Introduction to the OSSTMM

The Open Source Security Testing Methodology Manual (OSSTMM) provides a methodology for a thorough security test, here referred to as an OSSTMM audit. An OSSTMM audit is an accurate measurement of security at an operational level that is clear of assumptions and anecdotal evidence. As a methodology it is designed to be consistent and repeatable. As an open source methodology, it allows for free dissemination of information and intellectual property.

Since its start at the end of 2000, the OSSTMM quickly grew to encompass all security channels with the applied experience of thousands of reviewers. By 2005, the OSSTMM was no longer considered just an ethical hacking framework. It had become a methodology to assure security was being done right at the operational level. As audits became mainstream, the need for a solid methodology became critical. In 2006, the OSSTMM changed from defining tests based on solutions such as firewall tests and router tests to a standard for those who needed a reliable security test rather than just a compliance report for a specific regulation or legislation.

With Version 3, the OSSTMM encompasses tests from all channels - Human, Physical, Wireless, Telecommunications, and Data Networks. A set of security metrics, called Risk Assessment Values (RAVs), provide a powerful tool that can provide a graphical representation of state, and show changes in state over time. This integrates well with a "dashboard" for management and is beneficial for both internal and external testing, allowing a comparison/combination of the two. Quantitative Risk Management can be done from the OSSTMM Audit report findings, providing a much improved result due to more accurate, error free results.

The OSSTMM includes information for project planning, quantifying results, and the rules of engagement for performing security audits. The methodology can be easily integrated with existing laws and policies to assure a thorough security audit through all channels.

It is recommended that you read through the OSSTMM once completely before putting it into practice. It aims to be a straight-forward tool for the implementation and documentation of a security test. Further assistance for those who need help in understanding and implementing this methodology is available at the ISECOM website.

Purpose

The primary purpose of this manual is to provide a scientific methodology for the accurate characterization of security through examination and correlation of test results in a consistent and reliable way. This manual is adaptable to almost any audit type, including penetration tests, ethical hacking, security assessments, vulnerability assessments, red-teaming, blue-teaming, and so forth. It is written as a security research document and is designed for factual security verification and presentation of metrics on a professional level.

Creative Commons 2.5 Attribution-NonCommercial-NoDerivs 200[?]-2008, ISECOM
OSSTMM Certification for Auditors, Analysts, and Security Professionals – www.isecom.org, www.osstmm.org

Results
• Date / type
• Duration
• Auditor and analyst associated
• Test type
• Scope
• Test index
• Channel test
• Test vector
• Verified test and metrics calculations of the operational protection levels, loss controls, and security limitations
• Knowledge of which tests have been completed, not completed, or only partially completed, and to what extent
• Any issues regarding the test and the validity of the results
• Test error margins
• Any processes which influence the security limitations
• Any unknowns or anomalies

SCOPE
OSSTMM

OSSTMM 3.0 LITE – Introduction to the Open Source Security Testing Methodology Manual
3. August 2008

Compliance

Compliance is alignment with a set of general policies, where the type of compliance required depends upon the region and currently ruling government, industry and business types, and supporting legislation. Compliance is compulsory; however, as with any other threat, a risk assessment must be made whether or not to invest in any type of compliance. Often, compliance is not as black and white as it appears to be. The OSSTMM recognizes three types of compliance:

1. Legislation. Compliance with legislation is in accordance to the region where the legislation can be enforced. The strength and commitment to the legislation comes from previously successful legal arguments and appropriately set and just enforcement measures. Failure to comply with legislation may lead to criminal charges.

2. Regulation. Compliance to regulation is in accordance to the industry or within the group where the regulation can be enforced. Failure to comply with established regulations often leads to dismissal from the group, a loss of privileges, a monetary fine, civil charges, and in some cases where legislation exists to support the regulatory body, criminal charges.

3. Policy. Compliance to policy is in accordance to the business or organization where the policy can be enforced. Failure to comply with policy often leads to dismissal from the organization, a loss of privileges, a monetary fine, civil charges, and in some cases where legislation exists to support the policy makers, criminal charges.

The OSSTMM is developed with concern for major legislation and regulations. As not all compliance is created equally, the main focus of the OSSTMM is security. Legislation and regulation that detail the purchasing of specific products or services, often through specially lobbied efforts, may have good intentions; however, the OSSTMM cannot directly meet these particular requirements.

