Post on 18-Dec-2015
transcript
Fundamentals of NetworkingDiscovery 1, Chapter 8Basic Security
Objectives
• Identify & describe the various networking threats
• Identify different methods of attacks
•Describe security procedures and applications
•Describe the features of a firewall and how it can be used to protect against an attack
What’s Ahead…
•Networking Threats
•Methods of Attack
•Security Policy
•Using Firewalls
Networking
Threats
Network Intrusion•Attacks can be devastating
▫Cost money, time, theft of files, etc
•HACKERS▫Intruders who gain access by
modifying software or exploiting software vulnerabilities
4 Threats from Hacker• Information theft
• Identity theft
•Data loss / manipulation
•Disruption of service
4 Threats from the Hacker
•Stealing Confidential Info▫Credit card #’s▫Private Company info
such as a project in development
▫Could be sold
4 Threats from the Hacker
•Destroy or Alter Records▫Send a virus that
reformats HD▫Changing your grades▫Change store prices
4 Threats from the Hacker
• Identity Theft▫Stealing info to take on
identity▫Applying for credit cards
& buying stuff▫Obtain DL’s
4 Threats from the Hacker
•Disrupting Service▫Preventing user from
accessing services such as Internet
Activity
Activity
•What is a hacker?▫Handout
•Review posters and decide on the threat▫Handout
Where’d He Come From?
•External Threat▫Outside attacker▫Internet or Wireless
Where’d He Come From?• Internal Threat
▫Has authorized access Knows people & network Knows what info is valuable
▫OR someone may have just picked up a virus
•According to the FBI, internal access and misuse of computers systems account for approximately 70% of reported incidents of security breaches.
Discussion
•Who is the greatest threat?▫Internal or External
Social Engineering- The Trojan Horse
Social Engineering
•Easiest way to gain access…•Deceiving internal users into performing actions or
revealing confidential info▫Takes advantage of them▫Usually don’t meet them face-to-face
Fight Intrusion
• http://www.us-cert.gov/reading_room/before_you_plug_in.html
• http://www.us-cert.gov/reading_room/distributable.html
• Example 1
• Example 2
3 Types of Social Engineering
• Pretexting, Phishing, and Vishing
Phishing
Review
Let’s Try This…
•Cyber Security Awareness Quiz
Methods of
Attack
Other Attacks
•Viruses, Worms and Trojan horses▫Malicious software put
on hosts▫Damage system, destroy
data, deny access▫They can forward data
to thieves▫Can replicate to other
hosts
3 Evil Things
•Viruses, Worms and Trojan horses▫Go to 8.2.1.2
Simplified
Transmission Replication Behavior
Virus Attaches to a program
Can reproduce Causes havoc!
Worm Self-replicating Sends copies of itself to other comp. w/ security holes
Cause harm to network; ties up bandwidth
Trojan Horse
Computer program disguised
Does damage when run
Can’t replicate
Let’s See…
•GCIT
•Who wants to play…▫ID Theft Faceoff?▫Invasion of the Wireless Hackers?▫Phishing Scams?
•Quiz Time for all!▫http://www.sonicwall.com/phishing/
Activity
•Virus, Worm or Trojan Horse???
Homework
• Look up three current virus threats.▫Handout
Just Being Evil!
•Sometimes the goal is to shut a network down & disrupt the organization▫Can cost a business lots of money!!
Denial of Service (DoS)• In general, DoS attacks seek to:
▫Flood a system or network with traffic to prevent legitimate network traffic from flowing
▫Disrupt connections between a client and server to prevent access to a service
▫Some are not used much anymore, but can be
• SYN flooding• Ping of Death
DoS- SYN Flooding
DoS- Ping of Death!
•Sending SO MANY LARGE pings, the server can’t respond to anyone else!
DDoS
•DDoS▫Attack by multiple systems infected with DDoS code▫Sends useless data to server▫Overwhelms system & it crashes
Brute Force
•Fast computer used to guess passwords or decipher encryption code
•Brute force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts
•Try Activity on 8.2.2.3
Review•Name 3 types of social engineering.
▫Pretexting, Phishing, Vishing•How are you targeted in a pretexting attack?
▫Over the phone•You click on a pop-up window to claim a “prize.” A
program was installed w/out you knowing & now an attacker has access to your system. What is this called?▫Trojan Horse
Review
•Which attack doesn’t need activation and copies itself across the network?▫Worm
•A server is busy responding to a SYN with an invalid source IP address. What’s the attack?▫SYN Flooding
Other Threats
•Not all threats do damage▫Some collect info
•Collecting Info/Invading Privacy▫Spyware▫Tracking Cookies▫Adware▫Pop-ups
Spyware•Program that gathers personal info
w/out your permission▫Info sent to advertisers
•Usually installed unknowingly▫Downloaded, installing a program,
click on pop-up•Can slow computer down or make
settings changes•Can be difficult to remove
Toolbars
Keyloggers
Bundled Software
Tracking Cookies
•Form of spyware▫Not always bad
•Records info about user when they visit web sites▫Allows personalization▫Many sites require them
Adware
•Form of spyware•Records info about user when they visit web sites•For advertising purposes
▫Pop-ups & pop-ups of ads
Pop-Ups (and Pop-Unders)•Adware EXCEPT doesn’t collect any info
•Pop-ups▫Open in front of the current browser window
•Pop-unders▫Open behind the current browser window
What’s This?
Spam
•Unwanted bulk mail from advertisers•Spammer sends
▫Often sent through unsecured servers▫Can take control of computers▫Then sent from that computer to others
•On average, how many spam emails are sent to a person per year?▫3000
Review
•You visit a web site and see this annoying advertising tactic that appears in a new window. What is it?▫Pop-up
•This type of advertising is sent to many, many people. The advertiser uses no marketing scheme.▫Spam
•This form of spyware is not always bad & can be used for personalization of a site.▫Cookies
Security
Policy
Security Measures
•You can’t eliminate security breaches▫You can minimize the risks
•Policy•Procedures•Tools & Applications
Security Policy•Formal statement of rules when using tech
▫Acceptable use policy▫Detailed handbook
•What should be included?
Activity
• Let’s review some policies…
•GCIT•Klondike Middle School•Clearview High School
More Security Procedures
•The procedures help implement the policies•Some of the security tools and applications used in
securing a network include:
Rut Roh!
•Computer starts acting abnormally•Program does not respond to mouse and keystrokes.•Programs starting or shutting down on their own. •Email program begins sending out large quantities of
email•CPU usage is very high •There are unidentifiable, or a large number of,
processes running. •Computer slows down significantly or crashes
Anti-Virus Software
•Preventive & Reactive tool•Features
▫Email checker▫Dynamic Scanning (checks files when accessed)▫Scheduled scans▫Auto update
•When a virus is known, they will update it
Anti-Spam
•Spam sends unwanted emails▫Code takes over PC to send more
•The software ID’s it & places it in junk folder or deletes it
•On PC or on email server▫ISP may have a spam filter
Other ways to prevent spam
•Keep anti-virus up to date•Don’t forward suspect emails• Ignore the virus warning email•Report spam to admin to be blocked•Don’t open attachment from people you don’t know
Anti-Spyware
•Spyware & Adware cause virus-like symptoms▫Use computer resources
•This software can detect & delete them
•Pop-Up Blockers
Activity
Review
•This policy says what you can & can’t do on a network or computer.▫Acceptable use policy
•T or F. A-V companies like McAfee can protect you against every known virus & future viruses.▫False
•T or F. It is possible for legitimate emails to be marked as spam.▫True
Review
•T or F. With A-V & anti-spyware installed, you need not worry about opening email attachments. You are completely safe!▫False…why?
•Other than on your PC, Google’s Gmail servers have this security software installed.▫Spam Filter
Firewalls
What’s a firewall?•Controls traffic between networks & helps prevent
unauthorized access▫Permits or denies data
4 Types of Firewalls
Firewall Decisions Based On•Packet Filtering
▫Based on IP or MAC addresses
•Application / Web Site Filtering▫Based on the application.▫Websites can be blocked by URL or keywords
•Stateful Packet Inspection (SPI) ▫Must be responses from internal host▫DoS saver
Firewall Placement & DMZ
GCIT & DMZ
•Web Server (has GCIT web site)•Email Server (allows outside access)•File Server (allows file access from outside)•DRAW DMZ
Firewall & DMZ at home/ Port Forwarding/ Wireless AP internal• Let’s say you have a web server• It needs to handle web request while you still protect
you internal network•Create a DMZ with the Linksys
Lab 8.4.2.4
•DMZ Setup Lab▫Set up DMZ▫Set up port forwarding▫You can even set up time/day access (will not do in the
lab)
Review• Which type of firewall…
▫ Is dedicated hardware & the best? Appliance
▫ Is on a single computer? Personal
• What is an area that is accessible to internal PC’s & outside PC’s?▫ DMZ
• What 3 security measures can be set up for a server on your network that needs public access?▫ DMZ, port forward, time/day
Review
• How many firewalls would a big business use?▫ Two firewalls
• What of these can you setup in a wireless access point for security? ▫ Popup stopper, Change the default IP address, Update the
antivirus software, Tighten the cable between the AP and PC Change the AP default IP from 192.168.1.1 to 192.168.x.x
• Which process allows firewall entrance into the network ONLY IF it was requested from an internal PC?▫ SPI
Is Your Network Vulnerable?
•Tools to help identify where attacks can occur▫Number of hosts on a network▫The services hosts are offering▫The OS and update versions on hosts▫Packet filters and firewalls in use
• Lab 8.4.3.2?▫Vulnerability Analysis
Lab 8.4.3.2
•Vulnerability Analysis
Review- 10 Questions
8: Basic SecurityNetworking for Home & Small Business