UNIT 2 SEMINAR
Unit 2
Chapter 1 and 2 in CompTIA Security+
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds Email – [email protected] Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
CHAPTER 1 REVIEW
Security in the news…
Back-Up Supplier Acronis Apologizes For Data Leak
July 9, 2012
Tom Brewster reports: Back-up vendor Acronis has admitted some of its customers’ data leaked onto the Web, as it opens an investigation into what went wrong. Acronis said certain information from its knowledge base was opened up to everyone after the access control settings were reset to default. The back-up supplier said most of the content in the database was not “sensitive or confidential”.
http://www.databreaches.net/?p=24707
CHAPTER 1 REVIEW
Chapter 1
General Security Concepts
Understanding Information Security
Understanding the Goals of Information Security
Comprehending the Security Process
Authentication Issues to Consider
Distinguishing Between Security Topologies
Also in the textbook, note the breakdown of the “domains” for the Security+ exam in the Introduction and the Self-Assessment Test.
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire…
Open your ebook file to Chapter 1. Pick up points for some quick definitions. Type a brief definition.
#1 - Three components of…
The security triad
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire… (continued)
#2 - Name the…
Three components of Physical Security
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire… (continued)
#3 - Operational Security
Name four operational security issues
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire… (continued)
#4 - Management and Policies
Name three key policy areas
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire… (continued)
#5 - Implementing Access Control…
Three basic models for access control
CHAPTER 1 REVIEW
General Security Concepts
Rapid Fire… (continued)
#6 - Security Topologies cover four primary areas:
The four security topology areas
CHAPTER 1 REVIEW
End of Chapter 1
Exam Essentials – if you are gathering information to review as a comparison to the CompTIA test domain content
Hands-on Labs – not a graded item. This section reminds us to keep our systems up to date. Microsoft’s second Tuesday updates, security vendor’s virus file update (daily), etc.
Review Questions with the answers after – use these to study concepts
CHAPTER 2
Chapter 2 - Identifying Potential Risks
What is a risk?
WASHINGTON, Feb 7, 2011 -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls.
Wall Street Journal
What is an attack?
Attack - when an unauthorized individual or group attempts to access, modify or damage systems or environment.
Attack Strategies – the bad guys have one or more of these goals:
1. Access attack – access to resources
2. Modification or repudiation attack – modify information
3. Denial-of-service attack – disrupt the network, denying users access
CHAPTER 2
Identifying Potential Risks
Quick check of terms/concepts:
Attack Goals (three) –
Access Attack Types –
Modification and Repudiation Attacks –
DoS and DDoS Attacks –
Zombies
Botnet
Backdoor
Spoofing
Man-in-the-Middle
TCP/IP layers
Sniffing
OVAL
CHAPTER 2
Identifying Potential Risks
Overview:
Calculating Attack Strategies
Recognizing Common Attacks
Identifying TCP/IP Security Concerns
Understanding Software Exploitation
Understanding OVAL
Surviving Malicious Code
Understanding Social Engineering
Auditing Processes and Files
CHAPTER 2
Hacking Internally
How To Hack Into Someone's PC Through IP
DO NOT DO THIS in a production environment – you could be fired.
Connecting to a computer remotely using IP
Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and has many other features. It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.
nbtstat -a (victim's IP)
net view \\(victim's IP)
net use x: \\(victim's IP)\(disk name)
* Do not include the brackets
http://www.youtube.com/watch?v=LXTRS_gukgs&feature=related
CHAPTER 2
Types of Attacks
Access attack – someone who should not have access wants to access your resources
  Eavesdropping, snooping, interception
Modification and repudiation attack – someone wants to modify information in your systems
  Change grades, fraudulent transactions
Denial of Service (DoS) attack – an attempt to disrupt your network and services
CHAPTER 2
TCP/IP Attacks
Sniffing the Network
Scanning Ports
TCP attacks
  TCP SYN or TCP ACK Flood Attack
  TCP Sequence Number Attack
  TCP/IP Hijacking
UDP attacks
ICMP Attacks
  Smurf Attacks
  ICMP Tunneling
CHAPTER 2
Understanding OVAL
Open Vulnerability and Assessment Language
http://oval.mitre.org
OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community.
A community-written standard in XML to promote open and publicly available security content
Consists of:
  A language
  An interpreter
  A repository
CHAPTER 2
Surviving Malicious Code
Viruses
Trojan horses
Logic Bombs
Worms
Antivirus software
How does malicious code get in?
Binders and Malware (three-part article): a how-to article showing malicious code being bound to a legitimate program.
http://www.windowsecurity.com/articles/Binders-Malware-Part1.html
CHAPTER 2
Social Engineering
Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization.
Preys on the trusting nature of people to breach security.
Can be prevented through training and standard security policies.
CHAPTER 2
Auditing Processes and Files
Security log files - Security audit files
Vulnerability scanner
Review security and audit logs using Event Viewer in Windows 7
Go to: Control Panel, Systems and Security, Administrative Tools, Event Viewer
UNIT 2
Unit 2 Assignment
Unit Two Project
1. Perform a web search using your favorite search engine (yahoo.com, google.com, etc) on some of the most popular methods used to implement the various attacks discussed in Chapter 2. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization.
2. Security topology covers four primary areas of concern (design goals, security zones, technologies, and business requirements). Describe each area including key topics in each area.
3. Discuss software threats classified as malicious code on page 81 of your text.
CHAPTER 2
Clarification of Question 1 on Unit 2 Project
From the Project Rubric: For example, look for the methods used to start a Denial of Service (DoS) attack like which software is used, the motives behind DoS, etc. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization.
There are attack types from page 54 through 63. Don’t just discuss DoS; there are various types listed.
Understands attack types 5 points
Presents measures to prevent attacks 5 points
References reputable web sites 5 points