UNIT 3 SEMINAR
Unit 3
Chapter 3 in CompTIA Security+
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS
Contact Information: AIM – JMcDanolds
Email – [email protected]
Office Hours: Tuesday 4:00 PM ET and Wednesday 6:00 PM ET
UNIT 2 REVIEW
What we covered last week…
Chapter 2 Review – Identifying Potential Risks
(If you don’t know what you’re up against, how do you prepare for it…)
Calculating Attack Strategies
Recognizing Common Attacks
Identifying TCP/IP Security Concerns
Understanding Software Exploitation
Understanding OVAL
Surviving Malicious Code
Understanding Social Engineering
Auditing Processes and Files
UNIT 3
What is happening this week…
Security heavy-weights go to San Francisco.
The RSA Conference 2011
Hot products:
http://www.networkworld.com/slideshows/2011/021411rsa.html?source=NWWNLE_nlt_daily_pm_2011-02-17
Keynote videos (also podcasts)
http://www.rsaconference.com/2011/usa/recordings/keynotecatalog.htm
CHAPTER 3
Infrastructure and Connectivity
Protecting the flow of data…
Understanding Infrastructure Security
Understanding Network Infrastructure Devices
Monitoring and Diagnosing Networks
Securing Workstations and Servers
Understanding Mobile Devices
Understanding Remote Access
Securing Internet Connections
Understanding Network Protocols
Basics of Cabling, Wires and Communications
Employing Removable Media
CHAPTER 3
Understanding Infrastructure Security
How information flows…
Hardware Components
Physical devices, such as routers, servers, firewalls, switches, workstations, etc.
Software Components
Includes operating systems, applications, and management software
NOC – Network Operations Center
CHAPTER 3
Network Infrastructure Devices
Firewall – its purpose is to isolate one network from another.
Firewalls can be hardware, software, or appliances
Types: packet filter, proxy, stateful inspection
Hub
Switch
Router
Modem
Remote Access Services
Telecom/PBX Systems
Virtual Private Networks
Wireless Access Points
CHAPTER 3
Monitoring/Diagnosing Networks
What you don’t know can hurt you…
Network Monitors (sniffers)
Intrusion Detection Systems - IDS (discussed later)
Field Trips…
http://learn-networking.com/network-security/three-archaic-backdoor-trojanprograms-that-still-serve-great-pranks
Back Orifice 2000
http://www.bo2k.com/featurelist.html
http://www.bo2k.com/docs/bo2k_1-0_tutorial.html
Nmap ("Network Mapper") is a free utility for network exploration or security auditing.
http://nmap.org/
Password Crackers
http://sectools.org/crackers.html
CHAPTER 3
Securing Workstations and Servers
Hardening systems:
Both workstations and servers are vulnerable.
Remove unused software, services and processes
Ensure that all workstations, servers and applications are up to date - Patches, updates, fixes
Minimize information dissemination about the system
Ex: Lock down configuration settings, use group policies and security templates, disable unneeded functions, evaluate sharing services. Windows Server 2008 – Security Configuration Wizard
CHAPTER 3
Understanding Mobile Devices
Who is connecting to your network through a wireless device?
Includes pagers, PDAs, cell phones, etc.
WTLS layer (Wireless Transport Layer Security)
WAP (Wireless Application Protocol)
Wireless Session Protocol (WSP)
CHAPTER 3
Understanding Remote Access
Point-to-Point Protocol (PPP) plus CHAP – Challenge Handshake Authentication Protocol
Tunneling Protocols
PPTP
L2F
L2TP
Secure Shell
IPSec (IP Security used with tunneling protocols)
802.1x Wireless Protocols
RADIUS
TACACS/+
CHAPTER 3
Securing Internet Connections
Ports and Sockets
Web vulnerabilities
E-mail
E-mail protocols
SMTP
POP/POP3
IMAP
E-mail vulnerabilities
SPAM
Hoaxes
Web
Secure web connections
SSL/TLS
HTTP/S
FTP
ActiveX
Buffer Overflows
CGI
Cookies
Cross-site Scripting (XSS)
Input validation
Java Applets
JavaScript
Popups
Signed Applets
SMTP Relay
Blind/Anonymous FTP
Secure FTP
Sharing Files
Vulnerabilities
CHAPTER 3
Ports, Sockets and Sniffers
Port Scanners:
http://sectools.org/port-scanners.html
Packet Sniffers:
http://sectools.org/sniffers.html
http://www.wireshark.org/download.html
CHAPTER 3
SNMP and Other TCP/IP Protocols
Simple Network Management Protocol (SNMP)
Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
ICMP vulnerability - A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system.
http://www.securiteam.com/exploits/5SP0N0AFFU.html
CHAPTER 3
Cabling, Wires and Communications
Coax
Unshielded and Shielded Twisted Pair (UTP/STP)
Fiber Optic
Infrared
Radio Frequency
Microwave
CHAPTER 3
Removable Media
Data on the move…
CD-R/DVD-R
Diskettes
Flash Cards
Hard Drives
Network Attached Storage
Smart Cards
Tape
Thumb Drives
UNIT 3
Unit 3 Assignment
Unit 3 Project
1. Explain the vulnerabilities and mitigations associated with network devices (hardware).
2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc.