Transcript Document
UNIT 3 SEMINAR Unit 3 Chapter 3 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information: AIM – JMcDanolds Email – [email protected] Office Hours: Tuesday 4:00 PM ET and Wednesday 6:00 PM ET UNIT 2 REVIEW What we covered last week… Chapter 2 Review – Identifying Potential Risks (If you don’t know what you’re up against, how do you prepare for it…) Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files UNIT 3 What is happening this week… Security heavy-weights go to San Francisco. The RSA Conference 2011 Hot products: http://www.networkworld.com/slideshows/2011/021411rsa.html?source=NWWNLE_nlt_daily_pm_2011-02-17 Keynote videos (also podcasts) http://www.rsaconference.com/2011/usa/recordings/key notecatalog.htm CHAPTER 3 Infrastructure and Connectivity Protecting the flow of data… Understanding Infrastructure Security Understanding Network Infrastructure Devices Monitoring and Diagnosing Networks Securing Workstations and Servers Understanding Mobile Devices Understanding Remote Access Securing Internet Connections Understanding Network Protocols Basics of Cabling, Wires and Communications Employing Removable Media CHAPTER 3 Understanding Infrastructure Security How information flows… Hardware Components Physical devices, such as routers, servers, firewalls, switches, workstations etc. Software Components Includes operating systems, applications, and management software NOC – Network Operations Center CHAPTER 3 Network Infrastructure Devices Firewall – purpose is to isolate one network from another. Firewalls can be hardware, software, appliances Types: Packet filter, proxy, stateful Inspection Hub Switch Router Modem Remote Access Services Telecom/PBX Systems Virtual Private Networks Wireless Access Points CHAPTER 3 Monitoring/Diagnosing Networks What you don’t know can hurt you… Network Monitors (sniffers) Intrusion Detection Systems - IDS (discussed later) Field Trips… http://learn-networking.com/network-security/three-archaic-backdoor-trojanprograms-that-still-serve-great-pranks Back Orifice 2000 http://www.bo2k.com/featurelist.html http://www.bo2k.com/docs/bo2k_1-0_tutorial.html Nmap ("Network Mapper") is a free utility for network exploration or security auditing. http://nmap.org/ Password Crackers http://sectools.org/crackers.html CHAPTER 3 Securing Workstations and Servers Hardening systems: Both workstations and servers are vulnerable. Remove unused software, services and processes Ensure that all workstations, servers and applications are up to date - Patches, updates, fixes Minimize information dissemination about the system Ex: Lock down configuration settings, use group policies and security templates, disable unneeded functions, evaluate sharing services. Windows Server 2008 – Security Configuration Wizard CHAPTER 3 Understanding Mobile Devices Who is connecting to your network through a wireless device? Include pagers, PDAs, cell phones, etc. WTLS layer (Wireless Transport Layer Security) WAP (Wireless Access Protocol) Wireless Session Protocol (WSP) CHAPTER 3 Understanding Remote Access Point-to-Point Protocol (PPP) plus CHAP – Challenge Handshake Authentication Protocol Tunneling Protocols PPTP L2F L2TP Secure Shell IPSec (IP Security used with tunneling protocols) 802.1x Wireless Protocols RADIUS TACACS/+ CHAPTER 3 Securing Internet Connections Ports and Sockets Web vulnerabilities E-mail E-mail protocols SMTP POP/POP3 IMAP E-mail vulnerabilities SPAM Hoaxes Web Secure web connections SSL/TLS HTTP/S FTP ActiveX Buffer Overflows CGI Cookies Cross-site Scripting (XSS) Input validation Java Applets JavaScript Popups Signed Applets SMTP Relay Blind/Anonymous FTP Secure FTP Sharing Files Vulnerabilities CHAPTER 3 Ports, Sockets and Sniffers Port Scanners: http://sectools.org/port-scanners.html Packet Sniffers: http://sectools.org/sniffers.html http://www.wireshark.org/download.html CHAPTER 3 SNMP and Other TCP/IP Protocols Simple Network Management Protocol (SNMP) Internet Control Message Protocol (ICMP) Internet Group Message Protocol (IGMP) ICMP vulnerability - A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system. http://www.securiteam.com/exploits/5SP0N0AFFU.html CHAPTER 3 Cabling, Wires and Communications Coax Unshielded and Shielded Twisted Pair (UTP/STP) Fiber Optic Infrared Radio Frequency Microwave CHAPTER 3 Removable Media Data on the move… CD-R/DVD-R Diskettes Flash Cards Hard Drives Network Attached Storage Smart Cards Tape Thumb Drives UNIT 3 Unit 3 Assignment Unit 3 Project 1. Explain the vulnerabilities and mitigations associated with network devices (hardware). 2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc.