Posted: 26-Dec-2015 | Category: Documents | Uploaded by: rosaline-york
UNIT 5 SEMINAR
Unit 5 – Chapter 5 in CompTIA Security+
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds; Email – [email protected]
Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET
CHAPTER 4 REVIEW
Monitoring Activity and Intrusion Detection
Monitoring the Network
Understanding Intrusion Detection Systems (IDS)
Working with Wireless Systems
Understanding Instant Messaging Features
Working with 8.3 File Naming
Understanding Protocol Analyzers
Understanding Signal Analysis and Intelligence
Footprinting, Scanning
Quick check of concepts…
Quickly type your response to these questions:
#1 What is NFS and why do we care?
#2 With IDS there is a data source. What makes up the raw information in the data source?
#3 Name a problem with Host-Based IDS.
#4 Bonus: Why should you discard WEP for WPA2?
CHAPTER 5 OVERVIEW
Implementing and Maintaining a Secure Network
Overview of Network Security Threats
Defining Security Baselines
Hardening the OS (operating system) and NOS (network operating system)
Hardening Network Devices
Hardening Applications
CHAPTER 5
Network Security Threats
What should you do to learn about national/international security threats?
CERT Coordination Center (CERT/CC) – US Computer Emergency Readiness Team http://www.cert.org
http://www.cert.org/insider_threat/
Field Trip….. http://www.kb.cert.org/vuls/
http://www.kb.cert.org/vuls/id/404051
Example: Vulnerability Note VU#404051 – Dell SonicWALL Scrutinizer 9.5.0 and older versions contain a SQL injection vulnerability.
Network Security Threats (continued)
Department of Homeland Security – Daily Reports
DHS Daily Open Source Infrastructure Report http://www.dhs.gov/files/programs/editorial_0542.shtm
“The DHS Daily Open Source Infrastructure Report is collected each business day as a summary of open-source published information concerning significant critical infrastructure issues. Each Daily Report is divided by the critical infrastructure sectors and key assets defined in the National Infrastructure Protection Plan.”
Select current .pdf DHS Daily Open Source Infrastructure Report
Go to Fast Jump Menu - Information Technology from the Services menu
Network Security Threats (continued)
SANS – The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization – now worldwide. http://www.sans.org/
SANS Internet Storm Center (ISC) http://isc.sans.edu/index.html
Internet Storm Center http://isc.sans.org/
Also: Tools List – http://isc.sans.edu/tools/
Laptop at Security Conferences (next page) http://isc.sans.edu/diary.html?storyid=13207
Stormcasts are daily 5-10 minute threat updates.
Podcast Field Trip….. http://isc.sans.edu/podcast.html ISC StormCast
Network Security Threats (continued)
Laptop at Security Conferences
http://isc.sans.edu/diary.html?storyid=13207
Published: 2012-05-14, Last Updated: 2012-05-14 15:31:16 UTC by Chris Mohan (Version: 1)
“I’m often curious what other security folks do to keep their machine safe when they go to IT conferences. I often see what looks like standard office machines being used and wonder if any precautions have been taken.”
Network Security Threats (continued)
SANS – Newsletters – Spend fifteen minutes a day keeping up with the high-level perspective of all the latest security news.
Field Trip….. http://www.sans.org/newsletters
SANS NewsBites – slide down to Archive. NewsBites is a semiweekly executive summary of news articles published on computer security during the last week.
@Risk – select Archive – Date and then go down the page: http://www.sans.org/newsletters/risk/display.php?v=11&i=11
OUCH! – select Archive. Disposing of computers… http://www.securingthehuman.org/newsletters/ouch/issues/201101.pdf
Network Security Threats (continued)
SANS NewsBites – Man Pleads Guilty to US $1.3 Million Phishing Scam (8th May 2012)
A 31 year old US man from Atlanta, Georgia, pleaded guilty to his part in a phishing ring responsible for defrauding people of over US $1.3 million. Waya Nwaki, also known as "Shawn Conley," "USAprince12k," and "Prince Abuja", pleaded guilty to charges of wire fraud conspiracy, wire fraud, aggravated identity theft and computer fraud conspiracy. He could face up to 47 years in prison and a fine of US $250,000 for each count. According to the indictment filed with the U.S. District Court in New Jersey, Nwaki was part of an international gang of fraudsters with others named in the scheme as Karlis Karklins of Latvia; Charles Umeh Chidi of the United Kingdom; Alphonsus Osuala and Osarhieme Uyi Obaygbona of Atlanta; Marvin Dion Hill of College Park, Ga.; and Olani Yi Jones of Nigeria.
http://www.govinfosecurity.com/phisher-guilty-13-million-scam-a-4742
http://www.msnbc.msn.com/id/47342263/ns/technology_and_science-security/t/georgia-man-admits-role-million-global-cyberscam/
Network Security Threats (continued)
Read about current topics in security magazines:
SC Magazine http://www.scmagazine.com/
Information Security Magazine http://www.information-security-magazine.com/
Network Security Magazine http://www.network-security-magazine.com/
Info Security Magazine http://www.infosecurity-magazine.com/ and http://www.infosecurity-magazine.com/news/
Network Security Threats (continued)
Listen to podcasts: http://www.govinfosecurity.com/interviews (see black bar under title, hit triangle)
Interview with Chris Novak (May 11, 2012), 15 minutes: http://www.govinfosecurity.com/interviews/improving-breach-investigations-i-1560
Improving Breach Investigations – In short, organizations need to know where data is stored and what it comprises. But Novak says most organizations have too much data and in too many places to manage. "Many organizations just struggle with understanding the picture of the data problem," says Novak, a member of Verizon's investigative response team. "They don't necessarily know where they have data ... and how it's being handled."
Fraud Fighters Wanted (July 5, 2011), 13 minutes: http://www.govinfosecurity.com/podcasts.php?podcastID=1177
Global Threats Create Boom Times for Fraud Examiners – Today's top fraud threats recognize no global boundaries, says James Ratley, head of the Association of Certified Fraud Examiners. And they require a stronger global workforce than ever before.
Nessus and Nmap
Nessus – vulnerability scanner that was free and open source until the source code was closed in 2005 and the free "registered feed" version was removed in 2008
http://www.nessus.org/products/nessus
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing.
http://nmap.org/
Security Baselines
Back to the book… pg 222
What is a security baseline? “The base level of security that will be implemented and maintained.”
Depending on the environment, baseline security may include layers of protection, such as encryption, filtering, access control lists, authorization and authentication, and other security functions.
Tools to help:
Baseline: http://www.computerbaseline.com/ (demo explains this product)
VMware/Shavlik – patch management, etc.
Qualys – policy management, vulnerability scanning, etc.
Security Baselines (continued)
Microsoft tools for baselines:
Microsoft Security TechCenter – Patch Tuesday, Windows Update
http://technet.microsoft.com/en-us/security
Microsoft Security Compliance Manager (SCM)
http://technet.microsoft.com/en-us/solutionaccelerators/cc835245
http://social.technet.microsoft.com/wiki/contents/articles/774.microsoft-security-compliance-manager-scm-en-us.aspx
“baselines are based on Microsoft Security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.”
Microsoft Baseline Security Analyzer
http://technet.microsoft.com/en-us/security/cc184922#EWBAC
Security Configuration Wizard (SCW) – attack-surface reduction tool included with Windows Server 2008 R2. SCW guides administrators in creating security policies based on the minimum functionality required for a server's role or roles.
Security Baselines
Common Criteria (CC) – Evaluation Assurance Levels (EALs)
EAL 1
EAL 2
EAL 3
EAL 4 – Recommended for commercial systems – Windows 7
EAL 5
EAL 6
EAL 7
Hardening the OS and NOS
Configuring Network Protocols
Hardening Microsoft Windows Vista/Windows 7
Hardening Microsoft Windows XP
Hardening Windows Server 2003/Server 2008
Hardening Windows Server 2000
Hardening Unix/Linux
Hardening Novell NetWare
Hardening Apple Macintosh
Hardening the OS and NOS
Windows Service Hardening restricts critical Windows services from running abnormal activities in the file system, registry, network or other areas that could be exploited by malware. Example: install Windows Server 2008 as a Server Core installation. Server Core provides a minimal environment for running specific server roles, reducing maintenance and management requirements and the attack surface.
Windows services represent a large percentage of the overall attack surface.
Windows Server 2008 limits the number of services that are running and operational by default. Security Configuration Wizard – examines roles, adjusts to role
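The security-baseline definition from the earlier slide (the base level of security that will be implemented and maintained) and the point here about limiting which services run come together in configuration-drift checking: record which services a server role needs and how each should start, then compare a live snapshot of the host against that record. The script below is an added example written for these notes, not code from the slides or from Microsoft. The file-server baseline and the service snapshot in it are constructed; on a real host the snapshot would be pulled from the service control manager (via WMI or PowerShell) rather than typed in.

```python
"""Service-baseline drift check (added example, not from the slides or Microsoft).

A security baseline records, for a given server role, which services should
exist and how they should start. Comparing a live snapshot of the host against
that record turns "hardening" into something that can be re-checked after every
change. Both the baseline and the snapshot below are constructed for this
example; on a real host the snapshot would be pulled from the service control
manager (e.g. via WMI or PowerShell) instead of being typed in.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Hypothetical baseline for a "file server" role: service name -> expected startup type.
FILE_SERVER_BASELINE: Dict[str, str] = {
    "LanmanServer": "Automatic",    # SMB file sharing: the role depends on it
    "EventLog": "Automatic",        # needed for any later investigation
    "W32Time": "Automatic",         # consistent timestamps across hosts
    "Spooler": "Disabled",          # no print role on this box
    "TlntSvr": "Disabled",          # Telnet server: cleartext, never on a hardened host
    "RemoteRegistry": "Disabled",
    "wuauserv": "Manual",           # Windows Update, started on demand by patch tooling
}

# Constructed snapshot of the host: (service name, current status, configured startup type).
# wuauserv is deliberately absent to show the "missing from host" case.
OBSERVED_SNAPSHOT: List[Tuple[str, str, str]] = [
    ("LanmanServer", "Running", "Automatic"),
    ("EventLog", "Running", "Automatic"),
    ("W32Time", "Stopped", "Automatic"),       # required service is down
    ("Spooler", "Running", "Automatic"),       # drift: baseline says Disabled
    ("TlntSvr", "Running", "Manual"),          # drift: baseline says Disabled
    ("RemoteRegistry", "Stopped", "Disabled"),
    ("SNMP", "Running", "Automatic"),          # not covered by the baseline at all
]


@dataclass
class DriftReport:
    running_but_disabled: List[str] = field(default_factory=list)              # hard violations
    startup_mismatch: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, actual, expected)
    required_not_running: List[str] = field(default_factory=list)              # role service is down
    not_in_baseline: List[str] = field(default_factory=list)                   # unreviewed attack surface
    missing_from_host: List[str] = field(default_factory=list)                 # expected service absent

    def is_compliant(self) -> bool:
        return not (self.running_but_disabled or self.startup_mismatch
                    or self.required_not_running or self.not_in_baseline
                    or self.missing_from_host)


def check_drift(baseline, snapshot) -> DriftReport:
    """Compare an observed service snapshot against the baseline policy."""
    report = DriftReport()
    seen = set()
    for name, status, startup in snapshot:
        seen.add(name)
        expected = baseline.get(name)
        if expected is None:
            report.not_in_baseline.append(name)
            continue
        if expected == "Disabled" and status == "Running":
            report.running_but_disabled.append(name)
        if startup != expected:
            report.startup_mismatch.append((name, startup, expected))
        if expected == "Automatic" and status != "Running":
            report.required_not_running.append(name)
    for name, expected in baseline.items():
        # A service the baseline disables may simply not be installed; that is fine.
        if name not in seen and expected != "Disabled":
            report.missing_from_host.append(name)
    return report


if __name__ == "__main__":
    result = check_drift(FILE_SERVER_BASELINE, OBSERVED_SNAPSHOT)
    for category, items in vars(result).items():
        print(f"{category:22s} {items}")
    print("compliant:", result.is_compliant())
```

Running it reports Spooler and TlntSvr as running although the baseline disables them, W32Time as a required service that is down, SNMP as a service the baseline never reviewed, and wuauserv as missing. The "not in baseline" bucket is the one that usually grows quietly over time, which is exactly the configuration drift the SCM slide talks about managing.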
Hardening the OS and NOS
Hardening Filesystems – NTFS, Unix NFS, Apple AFS
Updating Your Operating System – Hotfixes, Service Packs and Support Packs, Patches
Microsoft Patch Tuesday: Monthly Security Bulletins http://technet.microsoft.com/en-us/security/bulletin/ms12-may
Articles – Help: I Got Hacked. Now What Do I Do? http://technet.microsoft.com/en-us/library/cc700813.aspx
Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I, Security Program Manager, Microsoft Corporation
“After the very long Patch Management article last month, this month’s article is much shorter and to the point. Let’s just say you did not install the patches like we discussed last month. Now you got hacked. What to do?”
Hardening Network Devices
Updating Network Devices
Configuring Routers and Firewalls
Patches and Updates for Routers and Firewalls
Enabling/Disabling Services and Protocols
Working with Access Control Lists (ACLs)
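Working with ACLs on a router or firewall is mostly about ordering: entries are tested top-down, the first match wins, and whatever matches nothing is dropped by the implicit deny at the end. The Python below is an added example for these notes, not vendor code. It models an IOS-style stateless filter with a constructed rule set and constructed packets, and it also flags entries that can never match because an earlier, broader entry shadows them, which is the usual way a "permit ip any any" placed too high silently undoes the rest of the list.

```python
"""Stateless packet-filter ACL simulator (added example, not from the slides).

Entries are evaluated top-down; the first match decides, and a packet that
matches no entry falls through to the implicit deny, as on an IOS-style
access list. The rule set and packets below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    proto: str                          # "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int] = None         # None for protocols without ports


@dataclass(frozen=True)
class AclEntry:
    action: str                         # "permit" or "deny"
    proto: str                          # "tcp", "udp", "icmp", or "ip" for any
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None         # None matches any destination port

    def matches(self, packet: Packet) -> bool:
        return (self.proto in ("ip", packet.proto)
                and packet.src in self.src
                and packet.dst in self.dst
                and (self.dport is None or self.dport == packet.dport))


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


def pkt(proto: str, src: str, dst: str, dport: Optional[int] = None) -> Packet:
    return Packet(proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)


# Constructed ACL applied inbound on the interface facing the untrusted side.
# Ordering matters: the telnet deny sits above the admin SSH permit, and only
# one public service (HTTPS on one host) is exposed; everything else hits the
# implicit deny at the end.
EDGE_ACL = [
    AclEntry("permit", "tcp", ANY, net("10.0.1.10/32"), 443),              # public web server
    AclEntry("deny", "tcp", ANY, net("10.0.1.0/24"), 23),                   # no telnet to servers
    AclEntry("permit", "tcp", net("10.0.2.0/24"), net("10.0.1.0/24"), 22),  # admin SSH only
    AclEntry("permit", "icmp", ANY, ANY),                                   # allow ping/traceroute
    # implicit: deny ip any any
]

# The same entries with a broad "permit ip any any" mistakenly placed first.
BROKEN_ACL = [AclEntry("permit", "ip", ANY, ANY)] + EDGE_ACL


def evaluate(acl, packet):
    """Return (decision, index of the matching entry), or ("deny", None) for the implicit deny."""
    for index, entry in enumerate(acl):
        if entry.matches(packet):
            return entry.action, index
    return "deny", None


def shadows(earlier: AclEntry, later: AclEntry) -> bool:
    """True when every packet `later` could match is already caught by `earlier`."""
    return (earlier.proto in ("ip", later.proto)
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and (earlier.dport is None or earlier.dport == later.dport))


def find_shadowed(acl):
    """Indices of entries that can never match because an earlier entry covers them."""
    return [j for j in range(len(acl)) if any(shadows(acl[i], acl[j]) for i in range(j))]


if __name__ == "__main__":
    samples = [
        pkt("tcp", "203.0.113.5", "10.0.1.10", 443),   # permitted: public HTTPS
        pkt("tcp", "203.0.113.5", "10.0.1.10", 23),    # denied by entry 1
        pkt("tcp", "10.0.2.7", "10.0.1.10", 22),       # permitted: admin subnet SSH
        pkt("tcp", "203.0.113.5", "10.0.1.10", 22),    # implicit deny
        pkt("udp", "203.0.113.5", "10.0.1.10", 53),    # implicit deny
    ]
    for p in samples:
        print(p.proto, p.src, "->", p.dst, p.dport, evaluate(EDGE_ACL, p))
    print("shadowed in EDGE_ACL:", find_shadowed(EDGE_ACL))
    print("shadowed in BROKEN_ACL:", find_shadowed(BROKEN_ACL))
```

The shadow check is the part worth keeping when reviewing a real device configuration: `find_shadowed(EDGE_ACL)` returns nothing, while `find_shadowed(BROKEN_ACL)` reports every entry after the stray "permit ip any any" as dead, which is the list silently failing open rather than closed.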
Application Hardening
Web Servers
E-mail Servers
FTP Servers
DNS Servers
NNTP Servers
File and Print Servers and Services
DHCP Services
Data Repositories
Application Hardening (cont)
Web Servers – IIS, Apache, anonymous, executable scripts, uploads, etc.
DNS Servers – http://www.networksolutions.com/whois/index.jsp, http://www.whois.net
Data Repositories – Directory Services: LDAP, Active Directory, X.500, SQL
Unit 5 Assignment Unit 5 Project – Two Parts
Unit 5 Project Assignment – TWO PARTS! Essay questions.
30 points for Part 1:
1.1. Pick one NOS and one OS and describe the process of hardening it from attacks and intruders (i.e. Windows XP and Windows Server 2008, OR Windows 7 and Linux Ubuntu).
1.2. Pick two application server types listed in the text (pg. 240 to 246) and describe the process of hardening them from attacks and intruders.
20 points for Part 2 – at least four paragraphs:
Based on the knowledge you have achieved thus far in our class, compose a brief synopsis compiling what you have learned about network security. Describe how you will use this knowledge with any other class, your present or future career, or your own personal life.
APA Style for both Part 1 and Part 2.