Date posted: 09-May-2017
Category: Documents
Uploaded by: david-williamson
Spyware
– Software installed without the user’s knowledge
– Installed along with another app
– Hidden in the license agreement
– File sharing sites
Patch management
– View list of installed updates
– View update information
– Uninstall updates when necessary

Windows Firewall
– Host-based firewall
– Windows Vista and Windows Server 2008
– Filters communication
– Protects the operating system
Firewalls and proxy servers
Firewalls
– NAT
– Basic packet filtering
– Stateful packet inspection
– Access control lists
– Network layer vs application layer
Proxy servers
– Manage client communication
– Mask internal IP addresses
Internet content filters
– Block access to sites
Intranet
– Organization’s private network
– Private addresses
– Additional measures
  – Antivirus software
  – Removing unnecessary services
  – Auditing
  – Subnetting

Perimeter network
– Prevents direct communication with the intranet from the extranet (Internet)
– Kept separate from the intranet
– Demilitarized zone (DMZ)
Traffic filtering
Outgoing
– From a DMZ computer
– Determine computer functions within the DMZ
Incoming
– Source addresses
– Uninitiated inbound traffic

Network access control
– Ensures policy compliance
– Microsoft’s Network Access Protection
– Third-party vendors
Virtual private network
– Secure communication across the Internet
– Mobile employees
– TCP/IP communications encrypted
– Tunneling
– VPN concentrators
Built-in management interfaces
– HTTP, Telnet, and SNMP interfaces vulnerable to attack
– Switches
  – Default passwords
  – Network sniffing

Physical attack susceptibility
– Physical access
  – Theft
  – Reconfiguration
  – Eavesdropping
  – Network hijacking

Overcoming device weaknesses
– Change default passwords
– Disable unneeded features
– Update or upgrade firmware and software
– Monitor
Intrusion detection and prevention
– IDS systems monitor the network
– IDS systems classified as
  – Anomaly-based
  – Behavior-based
  – Signature-based
– Passive vs reactive actions
– NIDS vs HIDS
– IDS determinations
  – True negative
  – True positive
  – False positive
  – False negative
NIDS
– Network location
– Indicators of malicious activity
– Active reaction options
– Passive reaction options
– Examples
  – Cisco’s IOS NIDS
  – Computer Associates eTrust Intrusion Detection

HIDS
– HIDS operation
– Logs
– File modifications
– Application and resource monitoring
– Network traffic monitoring

HIDS advantages
– Can verify an attack
– Can monitor individual users
– Monitors direct physical attacks
– No reliance on network location or topology
Physical access control
– Physical tokens
– Locks
  – Preset
  – Deadbolt
  – Cipher
– Door delay
– Key override
– Master key ring
– Hostage alarm
– Man-trap
– Fences
– Lights