Transcript chapter 3
UNIT 3 SEMINAR Unit 3 Chapter 3 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+ Contact Information: Google chat - jmcdanolds Email – [email protected] Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET UNIT 3 Security in the news… July 12, 2012 Hackers post 450K credentials apparently pilfered from Yahoo Yahoo appears to have been the victim of a security breach that yielded more than hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer’s network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain (Yahoo Voices), intended the data dump to be a “wake-up call.” http://www.databreaches.net/?p=24724 Follow-up: Regulators criticize NYSEG for computer security breach The New York State Public Service Commission (Commission) today received a report from Department of Public Service staff that both New York State Electric & Gas Corporation (NYSEG) and Rochester Gas & Electric (RG&E) failed to adequately protect confidential customer information from unauthorized access by outside parties. In January 2012, NYSEG advised the Department that unauthorized parties had obtained access to confidential information of both NYSEG and RG&E customers, including Social Security Numbers, dates of birth, and in some cases, financial institution account information. http://www.databreaches.net/?p=24738 UNIT 3 Security in the news… Living a Lie - Identity Theft That Lasted Decades 10/1/2012 When Florida Highway Patrol Trooper Richard Blanco—a member of the FBI’s Joint Terrorism Task Force (JTTF) in Jacksonville—interviewed an individual suspected of driver’s license fraud in 2011, he wasn’t initially sure if the man was the victim or the perpetrator of identity theft. That’s because the man—now imprisoned and officially known as John Doe—had a stack of government-issued identification acquired during the 22 years he had been using a living victim’s identity. That included a passport, driver’s license, birth certificate, Social Security card, and identification allowing him unescorted access to a port and military installation. http://www.fbi.gov/news/stories/2012/october/identity-theft-that-lasted-decades UNIT 3 Security in the news… Information Technology Sector DHS Daily Open Source Infrastructure Report October 2, Softpedia – (International) Prolexic: ‘itsoknoproblembro’ DDoS attacks are highly sophisticated. Experts from Prolexic Technologies claim a new type of distributed denial-of-service (DDoS) attack has not only increased in size, but also reached a new level of sophistication. DDoS attacks have recently caused a lot of problems for organizations; in September, the sites of several financial institutions were disrupted as a result of such operations. Prolexic found that many of the recent attacks against their customers relied on the itsoknoproblembro DDoS toolkit. Prolexic recorded massive sustained floods, some of which peaked at 70 Gbps and over 30 million pps. Itsoknoproblembro includes a number of application layer and infrastructure attack vectors, such as UDP and SSL encrypted attack types, SYN floods, and ICMP. The botnet that powers these attacks contains a large number of legitimate IP addresses. This allows the attack to bypass the anti-spoofing mechanisms deployed by companies. The DHS Daily Open Source Infrastructure Report is collected each business day as a summary of open-source published information concerning significant critical infrastructure issues. https://www.dhs.gov/dhs-daily-open-source-infrastructure-report UNIT 2 REVIEW What was covered in Unit 2… Chapter 2 Review – Identifying Potential Risks If you don’t know what you’re up against, how do you prepare… Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files UNIT 2 REVIEW What was covered in Unit 2… Chapter 2 - Identifying Potential Risks Attacks Strategies – the bad guys have one or more of these goals: 1. 2. 3. Access attack – access to resources Modification or repudiation attack – modify information Denial-of-service attack – disrupt the network, denying users access Social engineering - preys on the trusting nature of people to breach security. Auditing Processes and Files - security log files, security audit files CHAPTER 2 REVIEW Common Attacks Rapid Fire… Open your ebook file to Chapter 2. Quick definitions. Type a brief definition. #1 – What is a zombie? What runs on a zombie? CHAPTER 2 REVIEW Common Attacks Rapid Fire… (continued) #2 - Name two… Back Door Attacks CHAPTER 2 REVIEW Common Attacks Rapid Fire… (continued) #3 – Name two types of… Password guessing attacks CHAPTER 2 REVIEW Common Attacks Rapid Fire… (continued) #4 – Give the TCP Port Number of … SNMP, HTTPS, and DNS CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) #2 - Name the… Three components of Physical Security UNIT 3 - CHAPTER 3 Infrastructure and Connectivity Protecting the flow of data… Understanding Infrastructure Security Understanding Network Infrastructure Devices Monitoring and Diagnosing Networks Securing Workstations and Servers Understanding Mobile Devices Understanding Remote Access Securing Internet Connections Understanding Network Protocols Basics of Cabling, Wires and Communications Employing Removable Media CHAPTER 3 Understanding Infrastructure Security How information flows… Hardware Components: Physical devices, such as routers, servers, firewalls, switches, workstations etc. Software Components: Includes operating systems, applications, and management software Example: NOC – Network Operations Center AT&T Global Network Operations Center http://www.corp.att.com/gnoc/ IP Backbone - AT&T has over 940,000 worldwide fiber-route miles, a worldwide network that includes 232,798 Wi-Fi hotspots, 16.4 million broadband connections in service, and more than 105 million wireless customers. The network carries approximately 33 petabytes of data on an average business day. CHAPTER 3 Real Time Monitoring Field Trip… Visit to Akamai Technologies‘ state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network. 20 minute video ONLY first 3 minutes - view the entire tour later… http://www.akamai.com/html/technology/nocc.html 14 CHAPTER 3 Network Infrastructure Devices Firewall – the purpose is to isolate one network from another. Firewalls can be hardware, software, appliances, etc. Types: Packet filter, proxy, stateful inspection Hub Switch Router Modem Remote Access Services Telecom/PBX Systems Virtual Private Networks Wireless Access Points CHAPTER 3 Monitoring/Diagnosing Networks What you don’t know can hurt you… Network Monitors (sniffers) Intrusion Detection Systems - IDS (discussed later) Field Trips… http://learn-networking.com/network-security/three-archaic-backdoor-trojanprograms-that-still-serve-great-pranks Back Orifice 2000 – be careful! http://support.microsoft.com/kb/237280 Nmap ("Network Mapper") is a free utility for network exploration or security auditing. http://nmap.org/ Password Crackers http://sectools.org/crackers.html CHAPTER 3 Securing Workstations and Servers Hardening systems: Both workstations and servers are vulnerable. Remove unused software, services and processes Ensure that all workstations, servers and applications are up to date - Patches, updates, fixes Minimize information dissemination about the system Ex: Lock down configuration settings, use group policies and security templates, disable unneeded functions, evaluate sharing services. Windows Server 2008 – Security Configuration Wizard CHAPTER 3 Understanding Mobile Devices Who is connecting to your network through a wireless device? Include pagers, PDAs, cell phones, etc. WTLS layer (Wireless Transport Layer Security) WAP (Wireless Access Protocol) Wireless Session Protocol (WSP) CHAPTER 3 Understanding Remote Access Point-to-Point Protocol (PPP) plus CHAP – Challenge Handshake Authentication Protocol Tunneling Protocols PPTP L2F L2TP Secure Shell IPSec (IP Security used with tunneling protocols) 802.1x Wireless Protocols RADIUS TACACS/+ CHAPTER 3 Securing Internet Connections Ports and Sockets Web vulnerabilities E-mail E-mail protocols SMTP POP/POP3 IMAP E-mail vulnerabilities SPAM Hoaxes Web Secure web connections SSL/TLS HTTP/S FTP ActiveX Buffer Overflows CGI Cookies Cross-site Scripting (XSS) Input validation Java Applets JavaScript Popups Signed Applets SMTP Relay Blind/Anonymous FTP Secure FTP Sharing Files Vulnerabilities CHAPTER 3 Securing Internet Connections ISPs like Akamai, AT&T, etc. protect data transmissions from attack Example: State of the Internet Report Each quarter, Akamai publishes a quarterly "State of the Internet" report. This report includes data gathered across Akamai's global server network about attack traffic, average & maximum connection speeds, Internet penetration and broadband adoption, and mobile usage, as well as trends seen in this data over time. Posted in Doc Sharing – .pdf shows slides of report http://www.akamai.com/stateoftheinternet/ CHAPTER 3 Ports, Sockets and Sniffers Port Scanners: http://sectools.org/port-scanners.html Packet Sniffers: http://sectools.org/sniffers.html http://www.wireshark.org/download.html Vulnerability Scanners: http://sectools.org/tag/vuln-scanners/ CHAPTER 3 SNMP and Other TCP/IP Protocols Simple Network Management Protocol (SNMP) Internet Control Message Protocol (ICMP) Internet Group Message Protocol (IGMP) ICMP vulnerability - A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system. http://www.securiteam.com/exploits/5SP0N0AFFU.html http://www.securiteam.com/securitynews/ CHAPTER 3 Cabling, Wires and Communications Coax Unshielded and Shielded Twisted Pair (UTP/STP) Fiber Optic Infrared Radio Frequency Microwave CHAPTER 3 Removable Media Data on the move… CD-R/DVD-R Diskettes Flash Cards Hard Drives Network Attached Storage Smart Cards Tape Thumb Drives UNIT 3 Unit 3 Assignment Unit 3 Assignment 1. Explain the vulnerabilities and mitigations associated with network devices (hardware). 2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc. UNIT 3 Unit 3 Assignment 1. Explain the vulnerabilities and mitigations associated with network devices (hardware). At least five devices – firewall, router, switch, etc. Example: discuss how a router works, how it is vulnerable to attack/malfunction, AND how it can be protected. One paragraph for each of five devices. 2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc. At least one paragraph on these three.