Network security


Chapter 13

Upon completion of this chapter, you should be able to:
• Implement physical security
• Respond to social engineering exploits
• Identify network vulnerabilities & threats
• Describe the authentication process
• Describe secure protocols to use in place of unsecure ones
• Identify a method for secure remote access to a network
• Troubleshoot network security issues

13.1 Physical Security

Three factors to keep in mind:
• Prevention
• Detection
• Recovery

Apply layers (multi-barrier):
• If they get through one barrier, there should be more to stop them
• Fences, locked doors, etc.

Perimeter, Access, & Inter-facility security
• Keep unauthorized people out
• Cover your perimeter
• If they get past the perimeter, you need a 2nd layer of defense
• They'll try Piggybacking or Tailgating
  - Unauthorized person accompanies an authorized person inside
  - Piggyback is with consent
  - Tailgate is w/out consent
• They'll try walking in with a large group
• They'll try a sympathy story (forgot my card)
• When would these be a common problem?
  - Morning rush in or rush out of work (8am, 5pm)

Prevention methods:
• Turnstiles with access cards (jumpers)
• Key code locks (piggyback/tailgate)
• Mantraps (airlock: 1st door closes, 2nd door opens)
  - Manual/guarded
  - Automatic with card, key fob, biometrics
  - Goal is to trap intruder inside
• Access lists
• Guarded sign in and out station

Within your facility you can use:
• Key fobs, access cards, key locks, ID badge, RFID, biometric readers
• Motion detectors, infrared detectors
• Locked areas for computers/servers

TestOut 13.1.2- Fact Sheet
TestOut 13.1.3- Implement Physical Security Lab
TestOut 13.1.4- Practice Questions (15)

Review questions:
• You walk into GCIT & someone you don't know follows you in before the door closes. What is this called?
  - Tailgating
• In a layered defense, what three areas should be kept secure?
  - Perimeter, access, inter-facility
• What is the difference between a smartcard & an RFID card?
  - Smartcards can be encrypted & can store info

13.2 Social Engineering

An attempt to fraudulently get sensitive info from users
• Usernames, passwords, credit card #, account #, SS #, etc.
• They pretend to be a trustworthy person

Two types of social engineering:
• Passive: takes advantage of unintentional actions of others
• Active: direct interaction with users to get info
• They must have inside access

Malicious insiders
• Employees, repair people, vending machine people

Shoulder surfing
• Looking over someone's shoulder to get the info

Eavesdropping
• Listening to conversations to get the info

Dumpster diving
• Looking for trash with info on it

Piggybacking & Tailgating

Help Me scenario / persuasive social engineering
• Over the phone
• Pretends to be someone in another department on the road & needs their password for an emergency

Authority Figure approach
• Pretends to be boss, CEO, network administrator
• Needs password to fix account, email issue, etc.
• Needs password to get presentation on the road; give password or else they are fired

Phishing
• Email requesting information in an emergency
• Link to website that looks real
• You enter info & submit it to the attacker
• Used for attacking large retailers to get usernames & passwords

Spear Phishing attack
• Attackers identify the bank you use to send phishing attacks

Whaling

Vishing
• Phishing over VoIP

The end user is the weak link

Teach users:
• Forward those types of calls to the help desk (they'll probably hang up)
• Check web links for https, web address
• Privacy filter to prevent shoulder surfers
• Shred documents to prevent dumpster diving
• Mantraps & turnstiles

TestOut 13.2.2- Social Engineering Facts
TestOut 13.2.3- Identifying Social Engineering Exploits
TestOut 13.2.4- Respond to Social Engineering Exploits Lab
TestOut 13.2.5- Practice Questions (14)

Review questions:
• Describe passive social engineering.
  - Takes advantage of unintentional actions of others
• Name some examples:
  - Eavesdropping, shoulder surfing, dumpster diving
• Describe active social engineering.
  - Direct interaction
• Name some examples:
  - Phishing, vishing, whaling
• What is the best way to prevent social eng.?
  - Train staff
• Without your knowledge, an attacker has identified that you use TD Bank. You get an email from what looks like TD asking you to verify your username and password. What kind of attack is this?
  - Spear phishing
• If someone tries to steal your personal information over the phone, what kind of attack is this?
  - Vishing

13.3 Network Vulnerabilities & Threats

Malware
• Designed to infiltrate a computer and possibly damage it or take it over
• Going to go over:
  - Virus
  - Macro virus
  - Polymorphic virus
  - Companion virus
  - Worms
  - Trojan horse
  - Rootkits
  - Logic bomb
  - Spyware
  - Adware
  - Crimeware
  - Prevention

Virus
• Attached to a file
• They all have:
  - A way to replicate
  - A way to activate
  - An objective
• Types of viruses:
  - Stealth
  - Macro virus
  - Polymorphic virus
  - Companion virus
• SOLUTION: anti-malware software
  - Install it & schedule scans
  - Include scanning of removable drives & email
  - Enable real-time protection

Worms
• Travels across networks
• Automatically replicates itself
• Propagates without a file
• Spreads rapidly
• Ties up network bandwidth & prevents users from doing normal stuff
• Gets in from unpatched software
• SOLUTION:
  - Keep software up to date
  - Install anti-malware software

Trojan horse
• Appears to be good software
• Malicious code within good software
• No replication & not attached to a file
• You end up running the program
• Can open a hole in software for an attack
  - Your PC becomes a zombie (Bot or Botnet)
  - Used for spamming, DDoS attack, etc.
• SOLUTION: Install anti-malware program

Rootkits
• Installed in the boot sector
• BIOS boots system from rootkit
• Thinks rootkit is the OS
• Rootkit runs in RAM
• Very difficult to detect; almost invisible to anti-malware software
• SOLUTION: secure boot feature in newer Windows

Logic bomb
• Malicious code that executes at a certain date/time

Spyware
• Software installed w/out you knowing
• Intercepts & collects data; gets passwords
• Uses a tracking cookie
• May install other software, change settings, or redirect to other websites

Adware
• Plays, displays, downloads ads to computer
• Spies on your web activity to display certain ads
• SOLUTION:
  - Use pop-up blocker / ad blocker
  - Install anti-malware software

Crimeware
• Accesses user's accounts (bank, shop, etc.)
• Gathers data to remove funds or make unauthorized purchases
• Uses keyloggers

Prevention
• Keep software/web browser up to date
• Install latest OS updates
• Install anti-malware program
  - Keep it up to date
  - Run regular scans
  - Real-time protection
• Use a firewall
• Pop-up blocker
• Cookie settings

Review questions:
• What type of threat installs software on your PC to monitor your activity?
  - Spyware
• Your PC was attacked by malicious code that activated on January 10, 2016 at 10:01am. What kind of threat was this?
  - Logic bomb
• What is the most difficult threat to protect against because it installs in the boot sector?
  - Rootkit

Denial of Service (DoS)
• Overload a system so it can't do its normal work
  - Crash or flood server

Regular DoS
• Example:
  - You go to the bank to cash a check
  - Bank is filled with people who don't even have a bank account
  - They are just there to disrupt normal service

Distributed DoS (DDoS)
• Uses infected "zombie" computers to launch attacks
• Zombies are all over the place; can't trace

Reflected (amplified) DoS
• Sent to one network (amplifier PCs) with spoofed source IP and reflected to victim
• Sends huge amounts of traffic
• Smurf attack (spoofs the source IP)

TestOut 13.3.4- Perform a Flood Attack (Interesting to watch)
TestOut 13.3.5- DoS Attack Fact Sheet

Review questions:
• What kind of attack uses zombie computers to attack another system?
  - DDoS
• How do DoS and DDoS attack a server?
  - They overload it so the server cannot do its normal functions; possibly crashes
• If software is installed on your PC & allows an attacker to "see" what you are typing, what kind of threat is this and what are they using to do it?
  - Crimeware; keylogger

Man-in-the-middle
• Pretends to be source & destination
• Intercepts data

TCP Hijacking
• Like above, but hacker pretends to be the client

Replay attack
• Hacker sniffs packets to get authentication info
• Then hacker uses the info to connect to the server

IP spoofing
• Hiding the source IP

MAC spoofing
• Mainly used in wireless networks to avoid MAC filtering

ARP spoofing (aka ARP poisoning)
• When an ARP request is sent, hacker responds with their MAC address
• Hacker receives all traffic
  - Man-in-the-middle

TestOut 13.3.7- ARP Spoofing (Interesting)
TestOut 13.3.8- Fact Sheet
TestOut 13.3.9- Practice Questions (14)

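The ARP poisoning slide above describes the attacker's side (answer ARP requests with your own MAC and receive everyone's traffic). The following is an added example, not part of the TestOut material, showing how a defender spots it: run over a constructed capture of ARP replies, it flags an IP that suddenly answers from a different MAC and a single MAC that claims more than one IP. All addresses and the `STATIC_BINDINGS` table are made up for the demo.

```python
"""ARP-poisoning detector run over a constructed capture of ARP replies.

Added example, not part of the TestOut material. It implements the two
checks a defender can run on an ARP log or a switch's ARP inspection
output: an IP suddenly answering from a different MAC, and one MAC
claiming several IPs.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since the start of the capture
    sender_ip: str    # IP address the reply claims to own
    sender_mac: str   # MAC address making that claim


# Constructed sample capture (all addresses are made up). 10.0.0.1 is the
# gateway, 10.0.0.20 a workstation. From t=3.0 a third station starts
# answering for both of them, which is what an ARP poisoner does to sit
# between a victim and its gateway.
SAMPLE_CAPTURE: List[ArpReply] = [
    ArpReply(0.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    ArpReply(0.5, "10.0.0.20", "aa:bb:cc:00:00:20"),
    ArpReply(1.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    ArpReply(3.0, "10.0.0.1", "de:ad:be:ef:00:01"),
    ArpReply(3.1, "10.0.0.20", "de:ad:be:ef:00:01"),
    ArpReply(4.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
]

# Trusted IP->MAC bindings (e.g. the gateway); constructed for the sample.
STATIC_BINDINGS: Dict[str, str] = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def detect_arp_poisoning(replies: List[ArpReply],
                         static_bindings: Optional[Dict[str, str]] = None) -> List[Tuple]:
    """Return a list of alert tuples.

    ("ip-mac-change", ts, ip, expected_mac, seen_mac): a known IP answered
        from a MAC other than the trusted or first-seen one.
    ("multi-ip-mac", ts, mac, ips): one MAC now claims more than one IP.

    Bindings not in static_bindings are learned from the first reply seen,
    so the detector trusts whoever answers first; pin critical hosts
    (gateway, servers) statically so that assumption does not matter.
    """
    ip_to_mac: Dict[str, str] = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    mac_to_ips: Dict[str, set] = defaultdict(set)
    alerts: List[Tuple] = []

    for r in replies:
        mac = r.sender_mac.lower()
        known = ip_to_mac.get(r.sender_ip)
        if known is None:
            ip_to_mac[r.sender_ip] = mac          # first sighting: learn it
        elif known != mac:
            alerts.append(("ip-mac-change", r.ts, r.sender_ip, known, mac))

        # Alert once per new IP a MAC claims, not on every repeated reply.
        if mac_to_ips[mac] and r.sender_ip not in mac_to_ips[mac]:
            claimed = tuple(sorted(mac_to_ips[mac] | {r.sender_ip}))
            alerts.append(("multi-ip-mac", r.ts, mac, claimed))
        mac_to_ips[mac].add(r.sender_ip)

    return alerts


def analyse_sample() -> List[Tuple]:
    """Run the detector over the constructed capture."""
    return detect_arp_poisoning(SAMPLE_CAPTURE, STATIC_BINDINGS)


if __name__ == "__main__":
    for alert in analyse_sample():
        print(alert)
```

On the sample capture the detector raises three alerts: the gateway IP changing MAC at t=3.0, the workstation IP changing MAC at t=3.1, and the new MAC claiming both IPs at t=3.1. The legitimate gateway reply at t=4.0 matches the trusted binding and is silent. Switch features such as dynamic ARP inspection do the same comparison in hardware; this version is for reading the logic.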
13.4 Password Attacks

Guessing passwords
• Easy passwords
• You don't change default
• Gather names/dates from social media
• Writing down passwords
• Shoulder surfing
• Social engineering

Brute force attack (cracking tool)
• Use strong passwords
  - 8-12 characters
  - Upper/lower case
  - Numbers & symbols

TestOut 13.4.4- DEMO of cracking passwords (interesting to watch)

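The slide's strong-password rules become concrete when you count what a cracking tool has to try. This is an added example, not from the TestOut material: it checks a password against the slide's policy (at least 8 characters, upper and lower case, numbers and symbols, not a default) and computes the worst-case search size for the character classes a password actually uses. The policy enforces the lower bound of the slide's 8-12 range; the keyspace figures show why added length helps. The `COMMON_PASSWORDS` list and the 1e10 guesses-per-second rate are constructed assumptions.

```python
"""Password policy check and brute-force cost estimate (added example).

Not part of the TestOut material. It turns the slide's guidance (strong
passwords: 8-12 characters, upper/lower case, numbers & symbols; don't
keep defaults) into a check you can run, and shows why each character
class and each extra character matters against a cracking tool.
"""
import string
from typing import Dict

# Sizes of the four character classes the slide names.
CLASS_SIZES: Dict[str, int] = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}

# Constructed stand-in for a default/common-password list; a real check
# would use a much larger breached-password list.
COMMON_PASSWORDS = {"password", "admin", "123456", "letmein", "qwerty"}


def password_classes(pw: str) -> Dict[str, bool]:
    """Which of the four classes appear in pw."""
    return {
        "lower": any(c in string.ascii_lowercase for c in pw),
        "upper": any(c in string.ascii_uppercase for c in pw),
        "digit": any(c in string.digits for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def meets_policy(pw: str, min_len: int = 8) -> bool:
    """Slide policy: at least min_len characters, all four classes present,
    and not a default/common password."""
    if len(pw) < min_len or pw.lower() in COMMON_PASSWORDS:
        return False
    return all(password_classes(pw).values())


def keyspace(pw: str) -> int:
    """Number of candidates an exhaustive search over the classes pw actually
    uses, at pw's length, has to try. This is the attacker's worst case."""
    alphabet = sum(size for name, size in CLASS_SIZES.items() if password_classes(pw)[name])
    return alphabet ** len(pw)


def worst_case_days(pw: str, guesses_per_second: float = 1e10) -> float:
    """Days to exhaust the keyspace. The rate is an assumed figure for a
    fast offline cracking rig, not a measurement."""
    return keyspace(pw) / guesses_per_second / 86400


if __name__ == "__main__":
    for candidate in ["password", "Password1", "Tr0ub4dor&3", "Correct-Horse-Battery-9"]:
        print(f"{candidate!r}: policy={meets_policy(candidate)}, "
              f"keyspace={keyspace(candidate):.3e}, days={worst_case_days(candidate):.2f}")
```

Run it and compare: an 8-character lowercase password has a keyspace of 26^8, while adding the other three classes and three more characters (11 total) gives 94^11, many orders of magnitude more. The estimate assumes the attacker knows which classes are present and the exact length, which is why it is a worst case for the attacker and a floor for the defender.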
13.5 Authentication

Process of verifying identity credentials
• Username & password or PIN
• Smart card/key fob (uses hardware security token)
• Biometrics

Use multiple types (username/password/thumbprint)

Single Sign-On (SSO)
• Authenticate once & given access to multiple systems

CHAP
• Method used to exchange credentials
• 3-way handshake
• All devices MUST have shared secret password configured on each
• Microsoft-CHAP

DO NOT USE ANYMORE
• Not secure
• Has known weaknesses & vulnerabilities

EAP
• Method of identifying which authentication protocol to use
• Many types of EAP

802.1x
• Assists in communication of the device ID to the authenticating server (RADIUS)
• Used in wireless & wired

Kerberos
• Authentication & authorization to use resources
• Uses a ticket system
• User authenticates once & authorized to use each service w/out re-authentication

Connect to authenticating server, RADIUS

Review questions:
• What type of authentication is a 3-way handshake where all devices use a shared secret password and uses a challenge string and hash?
  - CHAP
• What type of authentication allows you to authenticate once and gives you access to server services without re-authorizing?
  - Kerberos
• What authentication protocol connects to a switch using EAP and then a RADIUS server?
  - 802.1x

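The CHAP slide and review question above describe a 3-way handshake with a shared secret, a challenge string and a hash. The following added example (not TestOut code) plays both sides of that exchange: the authenticator sends an identifier and a random challenge, the peer returns a hash over the secret and the challenge, and the authenticator recomputes it. The secret itself never crosses the wire, and because each challenge is single-use a sniffed response cannot be replayed, which is the attack 13.3 lists under "Replay attack". The hash construction follows RFC 1994 (MD5 over identifier, secret, challenge); the peer name and secret are constructed.

```python
"""CHAP three-way handshake, both sides, as an added example.

Not part of the TestOut material. Both peers hold the same shared secret;
the secret itself never crosses the wire, only a hash over a fresh random
challenge, so a sniffed response cannot simply be replayed. Hash
construction follows RFC 1994 (MD5 over identifier || secret || challenge).
Names and secrets are constructed for the demo.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side. Holds each peer's shared secret and any outstanding challenge."""

    def __init__(self, secrets: Dict[str, bytes]):
        self._secrets = secrets
        self._pending: Dict[int, bytes] = {}
        self._next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        """Step 1: send an identifier and a random challenge."""
        ident = self._next_id & 0xFF
        self._next_id += 1
        chal = os.urandom(16)
        self._pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the expected hash and compare.

        The challenge is consumed on first use, so presenting the same
        (ident, response) pair again fails even though it was once valid.
        """
        chal = self._pending.pop(ident, None)
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


def chap_peer_respond(ident: int, challenge: bytes, name: str, secret: bytes) -> Tuple[str, bytes]:
    """Step 2: the peer proves it knows the secret without sending it."""
    return name, chap_response(ident, secret, challenge)


def run_handshake(auth: ChapAuthenticator, name: str, peer_secret: bytes) -> Tuple[int, bytes, bool]:
    """Drive one full exchange; returns (identifier, response, success)."""
    ident, chal = auth.challenge()
    name, response = chap_peer_respond(ident, chal, name, peer_secret)
    return ident, response, auth.verify(ident, name, response)


if __name__ == "__main__":
    # Constructed peer name and shared secret, configured on both ends.
    auth = ChapAuthenticator({"branch-router": b"s3cret-shared-on-both-ends"})
    ident, response, ok = run_handshake(auth, "branch-router", b"s3cret-shared-on-both-ends")
    print("correct secret:", ok)
    print("replayed response:", auth.verify(ident, "branch-router", response))
    print("wrong secret:", run_handshake(auth, "branch-router", b"guess")[2])
```

The three prints show the handshake succeeding with the right secret, the same response failing when presented a second time, and a wrong secret failing. What the exchange does not hide is the hash itself: anyone who captures challenge and response can run an offline dictionary attack against the shared secret, which is why the slide insists on a strong secret and why newer methods wrap the exchange in TLS.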
13.6 Secure Protocols

Unsecure protocols:
• HTTP
• FTP
• TELNET
• TFTP

You can add security to them OR use a secure replacement version:
• HTTP: SSL and TLS; encrypts data; HTTP becomes HTTPS
• FTP: can also use SSH with FTP to become SFTP
• TELNET: use SSH; encrypts data; authenticates
• TFTP: use SFTP instead

TestOut 13.6.4- Practice Questions (7)

13.7 Secure Remote Access (VPN)

VPN
• Encrypts data over an unsecure Internet connection
• Remote users can connect into main offices via an Internet connection
• Packet is encrypted
• VPN protocols tunnel (encapsulate) each encrypted packet in a new packet
• Only the destination device can read the packet contents
• Types of VPN connections:
  - Host to host (hosts have VPN configured)
  - Site to site (sites have VPN server configured)
  - Remote access (host to remote site)
    - Client has VPN configured
    - Connects to VPN server/concentrator

TestOut 13.7.3- DEMO Configuring VPN
TestOut 13.7.4- Configure a VPN connection LAB
TestOut 13.7.5- Configure a Mobile Device VPN Connection
TestOut 13.7.6- Practice Questions (12)

13.8 Responding to Network Attacks

Firewall
• Block outbound traffic with a source IP not on your network (zombie prevention)
• Block ICMP for all or for individual hosts; prevents your systems from responding to these attacks

TestOut 13.8.2- Responding to Network Attacks DEMO
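The two firewall rules above are easy to state and easy to get backwards, so here they are as a decision function run over constructed packets. This is an added example, not TestOut material. Rule 1 drops outbound packets whose source address is not one of ours, which is what stops a compromised "zombie" host on your LAN from taking part in the spoofed-source attacks described in 13.3 (the smurf attack being the slide's example). Rule 2 drops inbound ICMP either for every host or for a listed set of individual hosts. The network 192.168.10.0/24, the protected host list and all packet addresses are made up.

```python
"""Egress anti-spoofing and ICMP filtering decisions (added example).

Not part of the TestOut material. It models the two firewall rules on the
slide as a decision function and runs it over constructed packets: drop
outbound traffic whose source IP is not one of ours, and block inbound ICMP
for everyone or for selected hosts. Addresses are made up.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str                    # "out": LAN -> Internet, "in": Internet -> LAN
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply


# Our address space, constructed for the example.
LOCAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# "Individuals" for which inbound ICMP is blocked when not blocking it for all.
ICMP_BLOCKED_HOSTS: Set[str] = {"192.168.10.5"}


def decide(pkt: Packet,
           local_nets=LOCAL_NETS,
           icmp_block_all: bool = False,
           icmp_blocked_hosts: Set[str] = ICMP_BLOCKED_HOSTS) -> Tuple[str, str]:
    """Return (verdict, reason) for one packet."""
    src = ipaddress.ip_address(pkt.src)

    # Rule 1: anything leaving our network must carry one of our own source
    # addresses. A forged source is either misconfiguration or a zombie
    # trying to reflect traffic onto someone else.
    if pkt.direction == "out" and not any(src in net for net in local_nets):
        return "DROP", "spoofed-source"

    # Rule 2: inbound ICMP blocked for all hosts, or for the listed individuals,
    # so those systems never answer flood or reflection traffic.
    if pkt.proto == "icmp" and pkt.direction == "in":
        if icmp_block_all or pkt.dst in icmp_blocked_hosts:
            return "DROP", "icmp-blocked"

    return "ALLOW", "default"


# Constructed traffic sample (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for Internet hosts).
SAMPLE_PACKETS: List[Packet] = [
    Packet("out", "tcp", "192.168.10.22", "203.0.113.80"),              # normal web request
    Packet("out", "udp", "198.51.100.9", "203.0.113.53"),               # forged source: zombie behaviour
    Packet("out", "icmp", "10.9.9.9", "203.0.113.1", icmp_type=8),      # forged-source echo (smurf-style)
    Packet("in", "icmp", "203.0.113.7", "192.168.10.5", icmp_type=8),   # ping to a protected host
    Packet("in", "icmp", "203.0.113.7", "192.168.10.40", icmp_type=8),  # ping to an unprotected host
    Packet("in", "tcp", "203.0.113.80", "192.168.10.22"),               # reply traffic
]


def filter_packets(packets: Iterable[Packet], **policy) -> List[Tuple[str, str]]:
    """Apply decide() to every packet with the given policy overrides."""
    return [decide(p, **policy) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(f"{pkt.direction:3} {pkt.proto:4} {pkt.src:>15} -> {pkt.dst:<15} {verdict}")
```

With the default policy the two forged-source packets and the ping to 192.168.10.5 are dropped and everything else passes; with `icmp_block_all=True` the ping to 192.168.10.40 is dropped as well. On a Linux firewall Rule 1 is a single egress rule on the LAN-facing interface, for example `iptables -A FORWARD -i lan0 ! -s 192.168.10.0/24 -j DROP` (interface name assumed), and Rule 2 is a matching `-p icmp` drop on the Internet-facing side.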

Chapter review
• Complete the study guide handout
• Complete TestOut
• Practice in Packet Tracer
• Jeopardy review

Chapter 13