Transcript Document
UNIT 2 SEMINAR Unit 2 Chapter 1 and 2 in CompTIA Security + Course Name – IT286-02 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information: AIM – JMcDanolds Email – [email protected] Office Hours: Wednesday 9:00 PM ET and Thursday 5:00 PM ET CHAPTER 1 REVIEW Security in the news this week? It’s in the national news… Security breaches? St. Louis University student information containing Social Security numbers found discarded in alley Colorado nurse accused of stealing identities of hospital patients Credit Cards? Thieves Found Citigroup Site an Easy Entry Why do we care? http://www.databreaches.net/?p=18897 http://www.databreaches.net/?cat=20 http://www.nytimes.com/2011/06/14/technology/14security.html?_r=1 CHAPTER 1 REVIEW What we covered in Seminar last week… Chapter 1 – General Security Concepts Understanding Information Security Understanding the Goals of Information Security Comprehending the Security Process Authentication Issues to Consider Distinguishing Between Security Topologies Also, note the breakdown of the “domains” for the Security+ exam in the Introduction and the self Assessment Test. CHAPTER 1 REVIEW General Security Concepts Rapid Fire… - Open your ebook file on Chapter 1. Pick up points for some quick definitions. I’ll enter one and you type a brief Three components of… The security triad definition. CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Name the… Three “D’s” of Physical Security CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Operational Security Name four operational security issues CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Management and Policies Name three key policy areas CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Understanding the Goals of Information Security Name the three goals CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Implementing Access Control… Three basic models for access control CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Security Topologies cover four primary areas: The four security topology areas CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) Setting Design Goals: What is CIAA? Note: this is a critical concept for any security professional CHAPTER 1 REVIEW End of Chapter 1 Exam Essentials – if you are gathering information to review as a comparison to the CompTIA test domain content Hands-on Labs – not a graded item. This section reminds us to keep our systems up to date. Microsoft’s second Tuesday updates, security vendor’s virus file update (daily), etc. Review questions with answers CHAPTER 2 Chapter 2 - Identifying Potential Risks What is a risk? WASHINGTON, Feb 7, 2011 -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. WSJ What is an attack? Attack - when an unauthorized individual or group attempts to access, modify or damage systems or environment. Attacks Strategies – the bad guys have one or more goals: 1. Access attack – access to resources 2. Modification or repudiation attack – modify information 3. Denial-of-service attack – disrupt your network CHAPTER 2 Identifying Potential Risks Quick check of terms/concepts: Attack Goals (three) – Access Attack Types – Modification and Repudiation Attacks – DOS and DDOS Attacks – Zombies Botnet Backdoor Spoofing Man-in-the-Middle TCP/IP layers Sniffing OVAL CHAPTER 2 Identifying Potential Risks Overview: Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files CHAPTER 2 Types of Attacks Access attack – someone who should not be able to wants to access your resources Eavesdropping, snooping, interception Modification and repudiation attack – someone wants to modify information in your systems Change grades, fraudulent transactions, Denial of Service (DoS) attack – an attempt to disrupt your network and services CHAPTER 2 OVERVIEW TCP/IP Attacks Sniffing the Network Scanning Ports TCP attacks TCP SYN or TCP ACK Flood Attack TCP Sequence Number Attack TCP/IP Hijacking UDP attacks ICMP Attacks Smurf Attacks ICMP Tunneling CHAPTER 2 Understanding OVAL Open Vulnerability and Assessment Language http://oval.mitre.org OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community. A community written standard in XML to promote open and publicly available security content Consists of: A language An interpreter A repository CHAPTER 2 Surviving Malicious Code Viruses Trojan horses Logic Bombs Worms Antivirus software CHAPTER 2 Social Engineering Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. Preys on the trusting nature of people to breach security. Can be prevented through training and standard security policies. CHAPTER 2 Auditing Processes and Files Security log files Security audit files Vulnerability scanner UNIT 2 Unit 2 Assignment Unit Two Project 1. Perform a web search using your favorite search engine (yahoo.com, google.com, etc) on some of the most popular methods used to implement the various attacks discussed in Chapter 2. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization. 2. Security topology covers four primary areas of concern (design goals, security zones, technologies, and business requirements). Describe each area including key topics in each area. 3. Discuss software threats classified as malicious code on page 81 of your text. CHAPTER 2 Clarification of Question 1 on Unit 2 Project From the Project Rubric: For example, look for the methods used to start a Denial of Service (DoS) attack like which software is used, the motives behind DoS, etc. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization. There are attack types from page 54 through 63. Don’t just discuss DoS, there are various types listed. Understands attack types Presents measures to prevent attacks References reputable web sites 5 points 5 points 5 points