Transcript Document
UNIT 2 SEMINAR
Unit 2
Chapter 1 and 2 in CompTIA Security +
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds
Email – [email protected]
Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
CHAPTER 1 REVIEW
Security in the news…
Back-Up Supplier Acronis Apologizes For Data Leak
July 9, 2012
Tom Brewster reports: Back-up vendor Acronis has admitted some of
its customers’ data leaked onto the Web, as it opens an investigation
into what went wrong. Acronis said certain information from its
knowledge base was opened up to everyone after the access control
settings were reset to default. The back-up supplier said most of the
content in the database was not “sensitive or confidential”.
http://www.databreaches.net/?p=24707
CHAPTER 1 REVIEW
Security in the news…
In the national news…
Utah Dept. of Health hacked, over 500,000 700,000 affected and the number’s growing
April 9, 2012 - Marjorie Cortez provides an update on a breach that started out bad enough last week, and
just got a lot worse: Some 280,000 people had their Social Security numbers listed in state health data
stolen from a computer server last week, state officials announced Monday, calling the data breach the
largest in state history. Another 500,000 victims had less sensitive personal information stolen, state
health department and technology services officials said during a press conference at the State Office
Building. “Less sensitive” information was described as names, dates of birth and addresses. Officials said
there may be some overlap between the groups, and information is still being reviewed. The victims are
likely to be people who have visited a health care provider in the past four months.
http://www.databreaches.net/?p=23931
Dead And Dying Targeted In ID Theft
IDs of 2.5 million dead Americans abused annually, new study shows
Apr 24, 2012 | 12:08 PM |
Dead or alive, your identity is always at risk: New data shows that fraudsters use the
Social Security numbers and other personal data of more than 2 million deceased
people in the U.S. annually in order to get credit card and cell phone services each
year under phony names.
http://www.darkreading.com/security/attacks-breaches
CHAPTER 1 REVIEW
Chapter 1
General Security Concepts
Understanding Information Security
Understanding the Goals of Information Security
Comprehending the Security Process
Authentication Issues to Consider
Distinguishing Between Security Topologies
Also in the textbook, note the breakdown of the “domains” for the Security+ exam
in the Introduction and the Self-Assessment Test.
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
Open your ebook file to Chapter 1. Pick up points for some quick definitions. Type a brief definition.
#1 - Three components of…
The security triad
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
(continued)
#2 - Name the…
Three components of Physical Security
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
(continued)
#3 - Operational Security
Name four operational security issues
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
(continued)
#4 - Management and Policies
Name three key policy areas
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
(continued)
#5 - Implementing Access Control…
Three basic models for access control
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
(continued)
#6 - Security Topologies cover four primary areas:
The four security topology areas
CHAPTER 1 REVIEW
End of Chapter 1
Exam Essentials – useful if you are gathering information to review against the
CompTIA test domain content
Hands-on Labs – not a graded item. This section reminds us to keep our systems
up to date: Microsoft’s second-Tuesday updates, security vendors’ virus
definition file updates (daily), etc.
Review Questions with the answers after – use these to study concepts
CHAPTER 2
Chapter 2 - Identifying Potential Risks
What is a risk?
WASHINGTON, Feb 7, 2011 -- Cyberspies have penetrated the U.S. electrical grid
and left behind software programs that could be used to disrupt the system,
according to current and former national-security officials. The spies came from
China, Russia and other countries, these officials said, and were believed to be
on a mission to navigate the U.S. electrical system and its controls.
Wall Street Journal
What is an attack?
Attack – when an unauthorized individual or group attempts to access, modify or
damage your systems or environment.
Attacks
1.
2.
3.
Strategies – the bad guys have one or more of these goals:
Access attack – access to resources
Modification or repudiation attack – modify information
Denial-of-service attack – disrupt the network, denying users access
CHAPTER 2
Identifying Potential Risks
Quick check of terms/concepts:
Attack Goals (three) –
Access Attack Types –
Modification and Repudiation Attacks –
DOS and DDOS Attacks –
Zombies
Botnet
Backdoor
Spoofing
Man-in-the-Middle
TCP/IP layers
Sniffing
OVAL
CHAPTER 2
Identifying Potential Risks
Overview:
Calculating Attack Strategies
Recognizing Common Attacks
Identifying TCP/IP Security Concerns
Understanding Software Exploitation
Understanding OVAL
Surviving Malicious Code
Understanding Social Engineering
Auditing Processes and Files
CHAPTER 2
Hacking Internally
How To Hack Into Someone's PC Through IP
DO NOT DO THIS in a production environment – you could be fired.
Connecting to a computer remotely using IP
Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network
scanner designed to be fast and simple to use. It scans IP addresses and ports and
has many other features. It is widely used by network administrators and just
curious users around the world, including large and small enterprises, banks, and
government agencies.
nbtstat -a (victim's IP)
net view \\(victim's IP)
net use x: \\(victim's IP)\(disk name)
* Do not type the parentheses.
http://www.youtube.com/watch?v=LXTRS_gukgs&feature=related
CHAPTER 2
Types of Attacks
Access attack – someone who should not be able to access your resources wants to
Eavesdropping, snooping, interception
Modification and repudiation attack – someone wants to modify information in your systems
Changing grades, fraudulent transactions
Denial of Service (DoS) attack – an attempt to disrupt your network and services
CHAPTER 2
TCP/IP Attacks
Sniffing the Network
Scanning Ports
TCP attacks
TCP SYN or TCP ACK Flood Attack
TCP Sequence Number Attack
TCP/IP Hijacking
UDP attacks
ICMP Attacks
Smurf Attacks
ICMP Tunneling
CHAPTER 2
Understanding OVAL
Open Vulnerability and Assessment Language
http://oval.mitre.org
OVAL is an information security community effort to standardize how to assess
and report upon the machine state of computer systems. OVAL includes a language
to encode system details, and an assortment of content repositories held
throughout the community.
A community-written standard in XML to promote open and publicly available
security content
Consists of:
A language
An interpreter
A repository
CHAPTER 2
Surviving Malicious Code
Viruses
Trojan horses
Logic Bombs
Worms
Antivirus software
How does malicious code get in?
Binders and Malware (three part article)
How-to article showing malicious code being bound to a legitimate program.
http://www.windowsecurity.com/articles/Binders-Malware-Part1.html
CHAPTER 2
Social Engineering
Social engineering is a process where an attacker attempts to acquire information
about your network and system by talking to people in the organization.
Preys on the trusting nature of people to breach security.
Can be prevented through training and standard security policies.
CHAPTER 2
Auditing Processes and Files
Security log files - Security audit files
Vulnerability scanner
Review security and audit logs using Event Viewer in Windows 7.
Go to: Control Panel, System and Security, Administrative Tools, Event Viewer
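As an added illustration, not part of the seminar slides, the following Python script applies the kind of log review described above to a handful of constructed Security-log records: it flags a burst of failed logons (Windows Security Event ID 4625) from one source address against one account, and notes whether a successful logon (4624) from that same pair followed. The CSV layout is a simplified, constructed one rather than Event Viewer's exact export format, and the threshold and time window are assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample records in a simplified CSV layout (not an exact Event Viewer export).
# Windows Security log Event IDs: 4625 = account failed to log on, 4624 = successful logon.
SAMPLE_LOG = """\
Date and Time,Event ID,Account,Source IP
2012-07-09 08:00:01,4624,jsmith,10.0.0.5
2012-07-09 08:01:10,4625,admin,10.0.0.77
2012-07-09 08:01:12,4625,admin,10.0.0.77
2012-07-09 08:01:14,4625,admin,10.0.0.77
2012-07-09 08:01:16,4625,admin,10.0.0.77
2012-07-09 08:01:18,4625,admin,10.0.0.77
2012-07-09 08:01:20,4624,admin,10.0.0.77
2012-07-09 09:30:00,4625,jsmith,10.0.0.5
"""
FAILED_LOGON, SUCCESS_LOGON = "4625", "4624"

def parse_records(text):
    """Parse the CSV text into dicts and attach a datetime under the key 'ts'."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["ts"] = datetime.strptime(row["Date and Time"], "%Y-%m-%d %H:%M:%S")
    return rows

def find_failed_logon_bursts(records, threshold=5, window=timedelta(minutes=5)):
    """Flag (account, source IP) pairs with >= threshold failures inside any sliding
    window, and report whether a success from the same pair came afterwards."""
    failures, successes = defaultdict(list), defaultdict(list)
    for r in records:
        key = (r["Account"], r["Source IP"])
        if r["Event ID"] == FAILED_LOGON:
            failures[key].append(r["ts"])
        elif r["Event ID"] == SUCCESS_LOGON:
            successes[key].append(r["ts"])
    findings = []
    for key, times in failures.items():
        times.sort()
        start, best, burst_end = 0, 0, None
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink the window from the left
                start += 1
            if end - start + 1 > best:
                best, burst_end = end - start + 1, t
        if best >= threshold:  # assumed threshold; tune to your environment
            findings.append({"account": key[0], "source_ip": key[1], "failures": best,
                             "success_after": any(s > burst_end for s in successes[key])})
    return findings
```

Running find_failed_logon_bursts(parse_records(SAMPLE_LOG)) reports one finding: five failures for admin from 10.0.0.77 followed by a success, while the single jsmith failure stays below the threshold.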
UNIT 2
Unit 2 Assignment
Unit Two Project
1. Perform a web search using your favorite search engine (yahoo.com, google.com, etc.) on some of the most popular methods used to implement the various attacks discussed in Chapter 2. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization.
2. Security topology covers four primary areas of concern (design goals, security zones, technologies, and business requirements). Describe each area including key topics in each area.
3. Discuss software threats classified as malicious code on page 81 of your text.
CHAPTER 2
Clarification of Question 1 on Unit 2 Project
From the Project Rubric: For example, look for the methods
used to start a Denial of Service (DoS) attack like which
software is used, the motives behind DoS, etc. Then, discuss
ways to prevent these attacks or at least minimize their effects
on your organization.
There are attack types from page 54 through 63.
Don’t just discuss DoS, there are various types listed.
Understands attack types – 5 points
Presents measures to prevent attacks – 5 points
References reputable web sites – 5 points