
Net+2009CP--P08

Date post: 09-May-2017
Upload: david-williamson

Security practices

Unit objectives
– Secure an operating system
– Secure network devices

Topic A: Operating systems

Antivirus software
– Combats viruses
– Real-time scanners
– Checksums (hashes of files compared against known values)
– Definition files
– Antivirus products

Activity A-1: Installing antivirus software

Spyware
– Software installed without the user's knowledge
– Installed along with another application
– Hidden in a license agreement
– Spread through file sharing sites

Windows Defender alert levels
– Severe
– High
– Medium
– Low
– Not yet classified

Activity A-2: Scanning your system for spyware

Securing the operating system
– Hardening
– Hotfixes
– Patches
– Updates
– Service packs

Windows Update
– Update classifications: Important, Recommended, Optional

Activity A-3: Updating the operating system

Patch management
– View the list of installed updates
– View update information
– Uninstall updates when necessary

Activity A-4: Managing software patches

Other updates
– Firmware
– BIOS

System Information
– Complete system summary
– Run msinfo32
– Shows BIOS and SMBIOS versions

Activity A-5: Determining BIOS version

Windows Firewall
– Host-based firewall
– Included in Windows Vista and Windows Server 2008
– Filters communication to and from the host
– Protects the operating system

Activity A-6: Configuring Windows Firewall

Topic B: Devices

Firewalls and proxy servers
Firewalls
– NAT
– Basic packet filtering
– Stateful packet inspection
– Access control lists
– Network layer vs application layer
Proxy servers
– Manage client communication
– Mask internal IP addresses
Internet content filters
– Block access to sites

Activity B-1: Examining firewalls and proxy servers

Security zones
Divide the network into levels of security:
– Intranet
– Perimeter
– Extranet

Intranet
– Organization's private network
– Private addresses
– Additional measures: antivirus software, removing unnecessary services, auditing, subnetting

Perimeter network
– Prevents direct communication between the extranet (Internet) and the intranet
– Kept separate from the intranet
– Also called a demilitarized zone (DMZ)

DMZ designs (one diagram slide each)
– Screened host
– Bastion host
– Three-homed firewall
– Back-to-back firewall
– Dead zone

Traffic filtering
Outgoing
– From a DMZ computer
– Determined by the computer's function within the DMZ
Incoming
– Filter on source addresses
– Block uninitiated inbound traffic
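The two firewall techniques named earlier (basic packet filtering with access control lists, and stateful packet inspection) applied to the DMZ filtering rules above, as an added example that is not part of the course slides. The zones, addresses, ACL and packet sequence are constructed for illustration; the "established" rule imitates the classic stateless trick of admitting any packet with the ACK bit set, which is exactly what a stateful filter removes the need for.

```python
"""Stateless ACL versus stateful inspection on a three-homed firewall.

Added example, not from the Network+ course slides. Zones, addresses,
rules and the packet sequence are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # SYN without ACK: a new connection attempt
    ack: bool = False


# Constructed topology: intranet, DMZ with one web server; anything else
# is the extranet (Internet).
ZONES = {
    "intranet": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
WEB_SERVER = "192.0.2.10"


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "extranet"


# Stateless ACL: first match wins, implicit deny at the end. The web server's
# outbound rules follow its function (serve HTTP/HTTPS, resolve names).
# "established" admits any packet with ACK set, assuming it is a reply.
ACL = [
    ("extranet", "dmz", 80, "allow"),
    ("extranet", "dmz", 443, "allow"),
    ("dmz", "extranet", 53, "allow"),
    ("dmz", "extranet", None, "established"),       # replies from the web server
    ("intranet", "extranet", None, "allow"),
    ("intranet", "dmz", None, "allow"),
    ("extranet", "intranet", None, "established"),  # replies to intranet users
    # no dmz -> intranet rule: a compromised DMZ host cannot reach inside
]


def stateless_decision(p: Packet) -> str:
    src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
    for s, d, port, action in ACL:
        if s != src_zone or d != dst_zone:
            continue
        if port is not None and port != p.dport:
            continue
        if action == "established":
            if p.ack:
                return "allow"
            continue
        return action
    return "deny"


class StatefulFirewall:
    """Tracks admitted connections so replies need no blanket ACK rule."""

    def __init__(self) -> None:
        self.flows: set[tuple[str, int, str, int]] = set()

    def decision(self, p: Packet) -> str:
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if key in self.flows or reverse in self.flows:
            return "allow"            # part of a connection we already admitted
        if p.syn and not p.ack and stateless_decision(p) == "allow":
            self.flows.add(key)       # new connection permitted by policy
            return "allow"
        return "deny"                 # uninitiated inbound or policy violation


def run_demo() -> dict[str, tuple[str, str]]:
    """Run a constructed packet sequence through both filters."""
    fw = StatefulFirewall()
    client, attacker, inside = "203.0.113.7", "203.0.113.9", "10.0.0.5"
    sequence = [
        ("client SYN to web server :80",
         Packet(client, WEB_SERVER, 40000, 80, syn=True)),
        ("web server SYN/ACK reply to client",
         Packet(WEB_SERVER, client, 80, 40000, syn=True, ack=True)),
        ("attacker forged ACK to intranet :445",
         Packet(attacker, inside, 53, 445, ack=True)),
        ("attacker SYN to intranet :445",
         Packet(attacker, inside, 4444, 445, syn=True)),
        ("compromised web server SYN to intranet :445",
         Packet(WEB_SERVER, inside, 5555, 445, syn=True)),
    ]
    return {label: (stateless_decision(pkt), fw.decision(pkt)) for label, pkt in sequence}


if __name__ == "__main__":
    for label, (stateless, stateful) in run_demo().items():
        print(f"{label:45} stateless={stateless:5} stateful={stateful}")
```

The third packet is the point of the exercise: a stateless ACL that relies on the ACK bit lets a forged "reply" straight through to the intranet, while the stateful filter denies it because no inside host ever opened that connection. The last packet shows why the DMZ gets no rule towards the intranet at all.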

Activity B-2: Comparing firewall-based secure topologies

Network access control
– Ensures policy compliance
– Microsoft's Network Access Protection
– Third-party vendors

Activity B-3: Identifying the benefits of NAC

Virtual private network
– Secure communication across the Internet
– Mobile employees
– TCP/IP communications encrypted
– Tunneling
– VPN concentrators

IPsec encryption
– Secures IPv4 and IPv6 communications
– Encryption modes:
– Tunnel (the whole original IP packet is encrypted inside a new outer packet between the VPN gateways)
– Transport (only the payload is encrypted; the original IP header stays in the clear)
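The two modes built from constructed packets, as an added example that is not part of the course slides. The cipher is a toy SHA-256 keystream standing in for the real ESP transform (it is not secure and exists only so the packets can be decrypted again); the addresses, key, SPI values and the HTTP payload are all constructed.

```python
"""Tunnel mode versus transport mode ESP on constructed packets.

Added example, not from the Network+ course slides. The keystream "cipher"
is a toy stand-in for the real ESP transform; addresses, KEY, SPIs and the
payload are constructed.
"""
from __future__ import annotations

import hashlib
import ipaddress
import struct

KEY = b"constructed-session-key"   # stands in for the negotiated ESP key
IP_HDR = ">BBHHHBBH4s4s"           # minimal 20-byte IPv4 header
PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50


def keystream_xor(data: bytes, spi: int, seq: int) -> bytes:
    """Toy stream cipher keyed on (KEY, SPI, sequence); XOR is symmetric."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(KEY + struct.pack(">IIQ", spi, seq, counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum(0), src, dst
    return struct.pack(IP_HDR, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def esp_wrap(inner: bytes, next_header: int, spi: int, seq: int) -> bytes:
    """ESP header (SPI, sequence) + encrypted(inner | pad length | next header)."""
    trailer = bytes([0, next_header])
    return struct.pack(">II", spi, seq) + keystream_xor(inner + trailer, spi, seq)


def esp_unwrap(esp: bytes) -> tuple[bytes, int]:
    spi, seq = struct.unpack(">II", esp[:8])
    plain = keystream_xor(esp[8:], spi, seq)
    pad_len, next_header = plain[-2], plain[-1]
    return plain[: len(plain) - 2 - pad_len], next_header


def transport_mode(src: str, dst: str, segment: bytes, spi: int = 0x1001, seq: int = 1) -> bytes:
    """Host-to-host: the original IP header stays in clear; only the segment is protected."""
    esp = esp_wrap(segment, PROTO_TCP, spi, seq)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp


def tunnel_mode(gw_src: str, gw_dst: str, src: str, dst: str, segment: bytes,
                spi: int = 0x2002, seq: int = 1) -> bytes:
    """Gateway-to-gateway: the whole original packet, header included, is
    encrypted inside a new packet addressed between the VPN gateways."""
    inner = ipv4_header(src, dst, PROTO_TCP, len(segment)) + segment
    esp = esp_wrap(inner, PROTO_IPIP, spi, seq)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def parse_header(packet: bytes) -> tuple[str, str, int]:
    f = struct.unpack(IP_HDR, packet[:20])
    return str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])), f[6]


def observer_view(packet: bytes) -> dict:
    """What an on-path sniffer without the key learns from the outer header."""
    src, dst, proto = parse_header(packet)
    return {"src": src, "dst": dst, "proto": proto,
            "payload_in_clear": b"HTTP" in packet[20:]}


def receiver_view(packet: bytes) -> tuple[str, str, bytes]:
    """What the IPsec peer recovers: the real endpoints and the segment."""
    src, dst, proto = parse_header(packet)
    assert proto == PROTO_ESP
    inner, next_header = esp_unwrap(packet[20:])
    if next_header == PROTO_IPIP:        # tunnel mode: inner packet carries the endpoints
        src, dst, _ = parse_header(inner)
        inner = inner[20:]
    return src, dst, inner


SEGMENT = b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"   # constructed stand-in for a TCP segment

if __name__ == "__main__":
    t = transport_mode("10.1.1.5", "10.2.2.9", SEGMENT)
    u = tunnel_mode("203.0.113.1", "198.51.100.1", "10.1.1.5", "10.2.2.9", SEGMENT)
    print("transport:", observer_view(t), receiver_view(t)[:2])
    print("tunnel:   ", observer_view(u), receiver_view(u)[:2])
```

In transport mode the sniffer still sees which two hosts are talking (10.1.1.5 and 10.2.2.9); in tunnel mode it sees only the two gateways, which is why site-to-site and remote-access VPNs use tunnel mode and pay the extra 20 bytes of inner header for it.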

Activity B-4: Identifying the security enabled by VPNs

Security issues
– Built-in management interfaces
– Physical attack susceptibility

Built-in management interfaces
– HTTP, Telnet, and SNMP interfaces are vulnerable to attack
– Switches: default passwords, network sniffing

Secure and unsecure methods
– Unsecure (cleartext): Telnet, HTTP, FTP, TFTP, SNMP v1/v2c, RSH and RCP
– Secure (encrypted and authenticated): HTTPS, S-HTTP, SFTP, SNMPv3, SSH and SCP

Physical attack susceptibility
Physical access enables:
– Theft
– Reconfiguration
– Eavesdropping
– Network hijacking

Activity B-5: Identifying inherent weaknesses in network devices

Overcoming device weaknesses
– Change default passwords
– Disable unneeded features and cleartext management interfaces
– Update or upgrade firmware and software
– Monitor
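A configuration audit that checks a device for the weaknesses listed above (cleartext HTTP, Telnet and SNMP v1/v2c management, default or reversible passwords), as an added example that is not part of the course slides. Both configurations are constructed in Cisco IOS-style syntax, and the list of default credential pairs is a constructed sample, not vendor data.

```python
"""Audit a switch/router configuration for cleartext management interfaces
and default or reversible passwords.

Added example, not from the Network+ course slides. The configurations,
the default-credential list and the hash value are constructed.
"""
from __future__ import annotations

import re

# Constructed sample of credential pairs commonly shipped as defaults.
DEFAULT_CREDS = {("admin", "admin"), ("cisco", "cisco"), ("admin", "password")}
DEFAULT_COMMUNITIES = {"public", "private"}

WEAK_CONFIG = """\
hostname edge-sw1
username admin privilege 15 password 0 admin
ip http server
no ip http secure-server
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 transport input telnet
 login local
"""

HARDENED_CONFIG = """\
hostname edge-sw1
username netops privilege 15 secret 5 $1$constructed$notarealhash
no ip http server
ip http secure-server
snmp-server group NETOPS v3 priv
line vty 0 4
 transport input ssh
 login local
"""


def sections(config: str) -> list[tuple[str, list[str]]]:
    """Group indented lines under the top-level line that introduced them."""
    result: list[tuple[str, list[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if result:
                result[-1][1].append(raw.strip())
        else:
            result.append((raw.strip(), []))
    return result


def audit(config: str) -> list[str]:
    findings: list[str] = []
    for line, children in sections(config):
        if line == "ip http server":
            findings.append("HTTP management enabled (cleartext); use HTTPS only")
        m = re.match(r"snmp-server community (\S+)", line)
        if m:
            name = m.group(1)
            level = "default" if name in DEFAULT_COMMUNITIES else "cleartext"
            findings.append(f"SNMP v1/v2c community '{name}' ({level}); prefer SNMPv3 auth/priv")
        m = re.match(r"username (\S+) .*\bpassword (\d) (\S+)", line)
        if m:
            user, ptype, secret = m.groups()
            if ptype in ("0", "7"):   # type 0 = cleartext, type 7 = reversibly encoded
                findings.append(f"user '{user}' has a cleartext or reversible password; use 'secret'")
            if ptype == "0" and (user, secret) in DEFAULT_CREDS:
                findings.append(f"user '{user}' uses a default credential pair")
        if line.startswith("line vty"):
            transport = [c for c in children if c.startswith("transport input")]
            if not transport:
                findings.append(f"'{line}' does not restrict transport input; set it to ssh")
            for t in transport:
                if t != "transport input ssh":
                    findings.append(f"'{line}' permits cleartext management: '{t}'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for f in audit(cfg):
            print("  -", f)
```

The hardened configuration passes clean because it does the three things the slide asks for on the management side: default credentials replaced with a hashed secret, HTTP and Telnet disabled in favour of HTTPS and SSH, and SNMP moved to v3 with authentication and privacy.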

Activity B-6: Examining the ways to overcome device threats

Intrusion detection and prevention
– IDS systems monitor the network
– IDS classification: anomaly-based, behavior-based, signature-based
– Passive vs reactive actions
– NIDS vs HIDS
– IDS determinations: true negative, true positive, false positive, false negative
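A signature-based detector scored against the four determinations above, as an added example that is not part of the course slides. The access-log lines, their ground-truth labels and the signatures are constructed; the point is how one over-broad signature produces a false positive, how a web-shell upload with no signature is a false negative, and what a reactive (blocking) mode does with each.

```python
"""Signature-based detection over constructed log lines, scored as
true/false positives and negatives.

Added example, not from the Network+ course slides. Log lines, labels
and signatures are constructed for illustration.
"""
import re
from collections import Counter

# (log line, truly malicious?) - constructed sample, not real traffic.
SAMPLE_LOG = [
    ('203.0.113.5 "GET /index.html HTTP/1.1" 200', False),
    ('203.0.113.6 "GET /item?id=1 UNION SELECT user,pass FROM accounts HTTP/1.1" 200', True),
    ('198.51.100.7 "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200', True),
    ('198.51.100.8 "GET /docs/sql/select-or-union.html HTTP/1.1" 200', False),
    ('192.0.2.44 "GET /../../../etc/passwd HTTP/1.1" 404', True),
    ('192.0.2.45 "POST /upload HTTP/1.1" 200', True),   # web-shell upload, no signature
    ('192.0.2.46 "GET /about HTTP/1.1" 200', False),
]

NAIVE_SIGNATURES = {
    "sqli": re.compile(r"\b(union|select)\b", re.I),   # fires on any SQL keyword
    "xss": re.compile(r"<script", re.I),
    "traversal": re.compile(r"\.\./"),
}

# Tighter SQLi signature: requires the UNION ... SELECT combination.
TUNED_SIGNATURES = dict(
    NAIVE_SIGNATURES, sqli=re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)
)


def match_signatures(line: str, signatures: dict) -> list[str]:
    return [name for name, pattern in signatures.items() if pattern.search(line)]


def evaluate(log, signatures) -> Counter:
    """Score each line: the detector's verdict against the ground truth."""
    outcome = Counter()
    for line, malicious in log:
        alerted = bool(match_signatures(line, signatures))
        if alerted and malicious:
            outcome["true_positive"] += 1
        elif alerted and not malicious:
            outcome["false_positive"] += 1
        elif not alerted and malicious:
            outcome["false_negative"] += 1
        else:
            outcome["true_negative"] += 1
    return outcome


def reactive_blocks(log, signatures) -> list[str]:
    """Reactive mode: the source addresses the sensor would block. Every
    false positive here is a legitimate client cut off."""
    return sorted({line.split()[0] for line, _ in log if match_signatures(line, signatures)})


if __name__ == "__main__":
    for name, sigs in (("naive", NAIVE_SIGNATURES), ("tuned", TUNED_SIGNATURES)):
        print(name, dict(evaluate(SAMPLE_LOG, sigs)), "blocks:", reactive_blocks(SAMPLE_LOG, sigs))
```

Tightening the SQL signature removes the false positive on the documentation page without losing the real injection, but the upload with no signature stays a false negative in both runs; that gap is what anomaly- and behavior-based detection are meant to cover.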

Activity B-7: Discussing IDS characteristics

NIDS
– Network location
– Indicators of malicious activity
– Active reaction options
– Passive reaction options
– Examples: Cisco's IOS NIDS, Computer Associates eTrust Intrusion Detection

HIDS
– HIDS operation
– Logs
– File modifications
– Application and resource monitoring
– Network traffic monitoring

HIDS advantages
– Can verify an attack
– Can monitor individual users
– Can monitor direct physical attacks
– No reliance on network location or topology
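Checksum-based scanning, which serves both the antivirus "checksum" bullet in Topic A (file hashes looked up in a definition file of known-malicious hashes) and the HIDS file-modification check above (hashes compared with a stored baseline), as one added example that is not part of the course slides. The file tree, the "definition file" and the malware sample are constructed in a temporary directory; the sample is an ordinary text string, not real malware.

```python
"""Checksum-based scanning: SHA-256 file hashes used for an antivirus
definition lookup and for a HIDS file-integrity baseline.

Added example, not from the Network+ course slides. The file tree, the
definition file and the 'malware sample' are constructed.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Relative path -> hash for every file, taken on a known-good system."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def scan(root: Path, baseline: dict[str, str], definitions: dict[str, str]) -> dict:
    """Compare the current tree with the baseline (HIDS) and with the
    definition file of known-malicious hashes (antivirus)."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "known_malware": {p: definitions[h] for p, h in current.items() if h in definitions},
    }


# Constructed 'malware sample' and the definition entry for its hash.
MALWARE_SAMPLE = b"constructed-test-sample-not-real-malware\n"
DEFINITIONS = {hashlib.sha256(MALWARE_SAMPLE).hexdigest(): "Constructed.TestSample"}


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "docs").mkdir()
        (root / "app" / "config.ini").write_text("debug=false\n")
        (root / "app" / "service.py").write_text("print('service')\n")
        (root / "docs" / "readme.txt").write_text("baseline docs\n")
        baseline = build_baseline(root)

        # Simulated compromise: config edited, document deleted, dropper written.
        (root / "app" / "config.ini").write_text("debug=true\n")
        (root / "docs" / "readme.txt").unlink()
        (root / "tmp").mkdir()
        (root / "tmp" / "dropper.exe").write_bytes(MALWARE_SAMPLE)
        return scan(root, baseline, DEFINITIONS)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same hash does two jobs: matched against the definition file it identifies a known sample wherever it lands, and matched against the baseline it flags the edited configuration and the deleted document that no signature would ever catch. A real HIDS also has to protect the baseline itself, since an attacker who can rewrite it can hide the change.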

Activity B-8: Comparing HIDS and NIDS

Physical access control
– Physical tokens
– Locks: preset, deadbolt, cipher
– Door delay
– Key override
– Master key ring
– Hostage alarm
– Man-trap
– Fences
– Lights

Activity B-9: Identifying the risks associated with physical access to systems

Surveillance
– Security guards
– Guard dogs
– Logging physical access to the facility

Activity B-10: Examining logging and surveillance best practices

Unit summary
– Secured an operating system
– Secured network devices

