Transcript chapter 3

UNIT 3 SEMINAR
Unit 3
Chapter 3 in CompTIA Security +
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: Google chat - jmcdanolds
Email – [email protected]
Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
UNIT 3
Security in the news…
July 12, 2012
Hackers post 450K credentials apparently pilfered from Yahoo
Yahoo appears to have been the victim of a security breach that yielded more than
hundreds of thousands of login credentials stored in plain text. The hacked data, posted
to the hacker site D33D Company, contained more than 453,000 login credentials and
appears to have originated from the Web pioneer’s network. The hackers, who said they
used a union-based SQL injection technique to penetrate the Yahoo subdomain (Yahoo
Voices), intended the data dump to be a “wake-up call.”
http://www.databreaches.net/?p=24724
Follow-up: Regulators criticize NYSEG for computer security breach
The New York State Public Service Commission (Commission) today received a report
from Department of Public Service staff that both New York State Electric & Gas
Corporation (NYSEG) and Rochester Gas & Electric (RG&E) failed to adequately protect
confidential customer information from unauthorized access by outside parties.
In January 2012, NYSEG advised the Department that unauthorized parties had obtained
access to confidential information of both NYSEG and RG&E customers, including Social
Security Numbers, dates of birth, and in some cases, financial institution account
information.
http://www.databreaches.net/?p=24738
UNIT 3
Security in the news…
Living a Lie - Identity Theft That Lasted Decades 10/1/2012
When Florida Highway Patrol Trooper Richard Blanco—a member of the FBI’s Joint
Terrorism Task Force (JTTF) in Jacksonville—interviewed an individual suspected of
driver’s license fraud in 2011, he wasn’t initially sure if the man was the victim or the
perpetrator of identity theft.
That’s because the man—now imprisoned and officially known as John Doe—had a
stack of government-issued identification acquired during the 22 years he had
been using a living victim’s identity. That included a passport, driver’s license, birth
certificate, Social Security card, and identification allowing him unescorted access to a
port and military installation.
http://www.fbi.gov/news/stories/2012/october/identity-theft-that-lasted-decades
UNIT 3
Security in the news…
Information Technology Sector DHS Daily Open Source Infrastructure Report
October 2, Softpedia – (International)
Prolexic: ‘itsoknoproblembro’ DDoS attacks are highly sophisticated. Experts
from Prolexic Technologies claim a new type of distributed denial-of-service
(DDoS) attack has not only increased in size, but also reached a new level of
sophistication. DDoS attacks have recently caused a lot of problems for
organizations; in September, the sites of several financial institutions were
disrupted as a result of such operations. Prolexic found that many of the recent
attacks against their customers relied on the itsoknoproblembro DDoS toolkit.
Prolexic recorded massive sustained floods, some of which peaked at 70 Gbps
and over 30 million pps. Itsoknoproblembro includes a number of application
layer and infrastructure attack vectors, such as UDP and SSL encrypted attack
types, SYN floods, and ICMP. The botnet that powers these attacks contains a
large number of legitimate IP addresses. This allows the attack to bypass the
anti-spoofing mechanisms deployed by companies.
The DHS Daily Open Source Infrastructure Report is collected each business day as a summary of
open-source published information concerning significant critical infrastructure issues.
https://www.dhs.gov/dhs-daily-open-source-infrastructure-report
UNIT 2 REVIEW
What was covered in Unit 2…
Chapter 2 Review – Identifying Potential Risks
If you don’t know what you’re up against, how do you prepare…
Calculating Attack Strategies
Recognizing Common Attacks
Identifying TCP/IP Security Concerns
Understanding Software Exploitation
Understanding OVAL
Surviving Malicious Code
Understanding Social Engineering
Auditing Processes and Files
UNIT 2 REVIEW
What was covered in Unit 2…
Chapter 2 - Identifying Potential Risks
Attack Strategies – the bad guys have one or more of these goals:
1. Access attack – access to resources
2. Modification or repudiation attack – modify information
3. Denial-of-service attack – disrupt the network, denying users access
Social engineering - preys on the trusting nature of people to breach security.
Auditing Processes and Files - security log files, security audit files
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire…
Open your ebook file to Chapter 2. Quick definitions. Type a brief definition.
#1 – What is a zombie? What runs on a zombie?
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire…
(continued)
#2 - Name two…
Back Door Attacks
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire…
(continued)
#3 – Name two types of…
Password guessing attacks
CHAPTER 2 REVIEW
Common Attacks
Rapid Fire…
(continued)
#4 – Give the TCP Port Number of …
SNMP, HTTPS, and DNS
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
(continued)
#2 - Name the…
Three components of Physical Security
UNIT 3 - CHAPTER 3
Infrastructure and Connectivity
Protecting the flow of data…
Understanding Infrastructure Security
Understanding Network Infrastructure Devices
Monitoring and Diagnosing Networks
Securing Workstations and Servers
Understanding Mobile Devices
Understanding Remote Access
Securing Internet Connections
Understanding Network Protocols
Basics of Cabling, Wires and Communications
Employing Removable Media
CHAPTER 3
Understanding Infrastructure Security
How information flows…
Hardware Components: Physical devices, such as routers,
servers, firewalls, switches, workstations etc.
Software Components: Includes operating systems, applications,
and management software
Example: NOC – Network Operations Center
AT&T Global Network Operations Center
http://www.corp.att.com/gnoc/
IP Backbone - AT&T has over 940,000 worldwide fiber-route miles, a
worldwide network that includes 232,798 Wi-Fi hotspots, 16.4 million
broadband connections in service, and more than 105 million wireless
customers. The network carries approximately 33 petabytes of data on an
average business day.
CHAPTER 3
Real Time Monitoring
Field Trip…
Visit to Akamai Technologies' state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network.
20 minute video
ONLY first 3 minutes
- view the entire tour later…
http://www.akamai.com/html/technology/nocc.html
CHAPTER 3
Network Infrastructure Devices
Firewall – the purpose is to isolate one network from another.
Firewalls can be hardware, software, appliances, etc.
Types: Packet filter, proxy, stateful inspection
Hub
Switch
Router
Modem
Remote Access Services
Telecom/PBX Systems
Virtual Private Networks
Wireless Access Points
CHAPTER 3
Monitoring/Diagnosing Networks
What you don’t know can hurt you…
Network Monitors (sniffers)
Intrusion Detection Systems - IDS (discussed later)
Field Trips…
http://learn-networking.com/network-security/three-archaic-backdoor-trojanprograms-that-still-serve-great-pranks
Back Orifice 2000 – be careful!
http://support.microsoft.com/kb/237280
Nmap ("Network Mapper") is a free utility for network exploration or security
auditing. http://nmap.org/
Password Crackers
http://sectools.org/crackers.html
CHAPTER 3
Securing Workstations and Servers
Hardening systems:
Both workstations and servers are vulnerable.
Remove unused software, services and processes
Ensure that all workstations, servers and applications are up to
date - Patches, updates, fixes
Minimize information dissemination about the system
Ex: Lock down configuration settings, use group policies and
security templates, disable unneeded functions, evaluate sharing
services. Windows Server 2008 – Security Configuration Wizard
CHAPTER 3
Understanding Mobile Devices
Who is connecting to your network through
a wireless device?
Include pagers, PDAs, cell phones, etc.
WTLS layer (Wireless Transport Layer Security)
WAP (Wireless Access Protocol)
Wireless Session Protocol (WSP)
CHAPTER 3
Understanding Remote Access
Point-to-Point Protocol (PPP) plus CHAP – Challenge Handshake Authentication Protocol
Tunneling Protocols
PPTP
L2F
L2TP
Secure Shell
IPSec (IP Security used with tunneling protocols)
802.1x Wireless Protocols
RADIUS
TACACS/+
CHAPTER 3
Securing Internet Connections
Ports and Sockets
Web vulnerabilities
E-mail
E-mail protocols
SMTP
POP/POP3
IMAP
E-mail vulnerabilities
SPAM
Hoaxes
Web
Secure web connections
SSL/TLS
HTTP/S
FTP
ActiveX
Buffer Overflows
CGI
Cookies
Cross-site Scripting (XSS)
Input validation
Java Applets
JavaScript
Popups
Signed Applets
SMTP Relay
Blind/Anonymous FTP
Secure FTP
Sharing Files
Vulnerabilities
CHAPTER 3
Securing Internet Connections
ISPs like Akamai, AT&T, etc. protect data
transmissions from attack
Example: State of the Internet Report
Each quarter, Akamai publishes a "State of the Internet" report. This report includes data gathered across Akamai's global server network about attack traffic, average and maximum connection speeds, Internet penetration and broadband adoption, and mobile usage, as well as trends seen in this data over time.
Posted in Doc Sharing – .pdf shows slides of report
http://www.akamai.com/stateoftheinternet/
CHAPTER 3
Ports, Sockets and Sniffers
Port Scanners:
http://sectools.org/port-scanners.html
Packet Sniffers:
http://sectools.org/sniffers.html
http://www.wireshark.org/download.html
Vulnerability Scanners:
http://sectools.org/tag/vuln-scanners/
CHAPTER 3
SNMP and Other TCP/IP Protocols
Simple Network Management Protocol (SNMP)
Internet Control Message Protocol (ICMP)
Internet Group Message Protocol (IGMP)
ICMP vulnerability - A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system.
http://www.securiteam.com/exploits/5SP0N0AFFU.html
http://www.securiteam.com/securitynews/
CHAPTER 3
Cabling, Wires and Communications
Coax
Unshielded and Shielded Twisted Pair (UTP/STP)
Fiber Optic
Infrared
Radio Frequency
Microwave
CHAPTER 3
Removable Media
Data on the move…
CD-R/DVD-R
Diskettes
Flash Cards
Hard Drives
Network Attached Storage
Smart Cards
Tape
Thumb Drives
UNIT 3
Unit 3 Assignment
1. Explain the vulnerabilities and mitigations associated with network devices (hardware).
2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc.
UNIT 3
Unit 3 Assignment
1. Explain the vulnerabilities and mitigations associated
with network devices (hardware).
At least five devices – firewall, router, switch, etc.
Example: discuss how a router works, how it is vulnerable
to attack/malfunction, AND how it can be protected.
One paragraph for each of five devices.
2. Explain the vulnerabilities and mitigations associated
with various transmission media such as coax, UTP,
fiber, etc. At least one paragraph on these three.