UNIT 4 SEMINAR
Unit 4
Chapter 4 in CompTIA Security +
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS
Contact Information: AIM – JMcDanolds
Email – [email protected]
Office Hours: Tuesday 4:00 PM ET and Wednesday 6:00 PM ET
CHAPTER 4 OVERVIEW
Monitoring Activity and Intrusion Detection
Monitoring the Network
Understanding Intrusion Detection Systems
Working with Wireless Systems
Understanding Instant Messaging Features
Working with 8.3 File Naming
Understanding Protocol Analyzers
Understanding Signal Analysis and Intelligence
Footprinting
Scanning
CHAPTER 4
Monitoring the Network
Monitoring – what is it? Who does it? Why do you need to know how to do it?
Types of Network Traffic
TCP/IP
Novell - IPX/SPX and NDS/eDirectory
Microsoft - NetBIOS/NetBEUI and WINS
Network File System (NFS)
Apple
Monitoring Network Systems – tap locations
CHAPTER 4
Real Time Monitoring
There are many scanning and monitoring tools
Freeware:
Ethereal http://ethereal.com/
Ethereal works on Windows XP - you will need to install WinPcap
http://www.winpcap.org/
Wireshark http://wiki.wireshark.org/
One example of vendor products:
NetScanTools Basic is a free download
NetScanTools Pro is $249, less a 20% education discount.
NetScanTools http://www.netscantools.com/
CHAPTER 4
Real Time Monitoring
Field Trip…
Visit to Akamai Technologies' state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network.
Left-hand side of screen – 20-minute video.
Watch ONLY the first 3 minutes; you can view the entire tour later…
http://www.akamai.com/html/technology/nocc.html
CHAPTER 4
Real Time Monitoring
Field Trip…
Ethical Hacking How To: Tutorial on ARP Scanning to Discover ALL Local Devices
http://www.netscantools.com/videos.html
http://www.youtube.com/watch?v=ClM2UgQpEPA
Later…
Visit to the “Case of the Disappearing Sales Calls”, which outlines how a sales rep’s network traffic revealed how she spent her time at work. Betty DuBois
http://www.cacetech.com/resources.html
http://www.cacetech.com/media/network_mysteries/disappearing_sales_calls/
CHAPTER 4
Intrusion Detection Systems
Terms – pg 180 to 190
Intrusion detection systems (IDS)
Two primary approaches: signature-based and anomaly-based
Signature-based - misuse-detection IDS (MD-IDS)
Anomaly-based - anomaly-detection IDS (AD-IDS)
Network-based IDS (N-IDS)
Passive Response
Active Response
Host-based IDS (H-IDS)
NIPS – Network Intrusion Prevention Systems
CHAPTER 4
Intrusion Detection Systems
Software, hardware, managed IDS
Symantec, Cisco, McAfee, IBM, etc.
Open source:
Snort: Everyone's favorite open source IDS
Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.
Etc.
CHAPTER 4
Using Honeypots
What is a honeypot?
A computer that is designated as a target for computer attacks and is used to gather information about the attacker.
SANS article
http://www.sans.org/security-resources/idfaq/honeypot3.php
CHAPTER 4
Understanding Incident Response
Step 1: Identifying the Incident
Step 2: Investigating the Incident
Step 3: Repairing the Damage
Step 4: Documenting and Reporting the Response
Step 5: Adjusting Procedures
CHAPTER 4
Working with Wireless Systems
Wireless Transport Layer Security (WTLS)
IEEE 802.11x Wireless Protocols
WEP/WAP
Wireless Vulnerabilities
Wireless Intrusion Detection System (WIDS)
Motorola - http://www.airdefense.net/
http://www.wildpackets.com/
CHAPTER 4
Instant Messaging
IM Vulnerabilities
Controlling Privacy
CHAPTER 4
Working with 8.3 File Naming
Carryover from the days of FAT
Common file extensions for executables
CHAPTER 4
Understanding Protocol Analyzers
Protocol analyzing and packet sniffing are interchangeable terms
Sniffing is the process of monitoring data transmitted across a network
Instant Messaging is susceptible to sniffing
CHAPTER 4
Signal Analysis and Signal Intelligence
Footprinting
Scanning
CHAPTER 4 SUMMARY
Monitoring versus Auditing
External monitoring versus internal monitoring
Audit Logs - user privileges, file access, sensitive folders (examples)
Real-time versus alert-based monitoring; regular audit log analysis is required
Auditing is covered in more detail in a later chapter.
CHAPTER 4
Unit 4 Assignment
Unit 4 Project - Three questions, each answered in at least one page.
1. Using your favorite Internet search tool, search out and evaluate three protocol analyzers. List the advantages and disadvantages of each of the three selected.
2. Examine honeypots in terms of system monitoring. Do you feel they are a benefit, or are they not worth the time/risk/expense? Defend your position.
3. Compare and contrast footprinting and scanning. Describe defense measures you can take as a network administrator to defend against each.
APA Style – Title Page, Reference Page. Cite where you found your information.
Questions?