
CIT 016 Review for Final



  1. CIT 016 Review for Final Security+ Guide to Network Security Fundamentals Second Edition

  2. Defining Information Security • Three characteristics of information must be protected by information security: • Confidentiality • Integrity • Availability • Information security is achieved through a combination of three entities

  3. Importance of Information Security • Information security is important to businesses: • Prevents data theft • Avoids legal consequences of not securing information • Maintains productivity • Foils cyberterrorism • Thwarts identity theft

  4. Preventing Data Theft • Theft of data is single largest cause of financial loss due to a security breach • One of the most important objectives of information security is to protect important business and personal data from theft

  5. Developing Attacker Profiles • Six categories: • Hackers • Crackers • Script kiddies • Spies • Employees • Cyberterrorists

  6. Developing Attacker Profiles

  7. Hackers • Person who uses advanced computer skills to attack computers, but not with a malicious intent • Use their skills to expose security flaws • Know that breaking in to a system is illegal but do not intend to commit a crime • “Hacker code of ethics” • Target should have had better security

  8. Crackers • Person who violates system security with malicious intent • Have advanced knowledge of computers and networks and the skills to exploit them • Destroy data, deny legitimate users of service, or otherwise cause serious problems on computers and networks

  9. Script Kiddies • Break into computers to create damage • Not as skilled as Crackers • Download automated hacking software from Web sites and use it to break into computers • Tend to be young computer users with large amounts of leisure time, which they can use to attack systems

  10. Spies • Person hired to break into a computer and steal information • Do not randomly search for unsecured computers to attack • Hired to attack a specific computer that contains sensitive information • Possess excellent computer skills • Could also use social engineering to gain access to a system • Financially motivated

  11. Employees • One of the largest information security threats to business • Employees break into their company’s computer for these reasons: • To show the company a weakness in their security • Being overlooked, revenge • For money • Inside of network is often vulnerable because security focus is at the perimeter • Unskilled user could inadvertently launch virus, worm or spyware

  12. Cyberterrorists • Experts fear terrorists will attack the network and computer infrastructure to cause panic • Cyberterrorists’ motivation may be defined as ideology, or attacking for the sake of their principles or beliefs • Targets that are high on the cyberterrorists’ list are: • Infrastructure outages • Internet itself

  13. Cyberterrorists (continued) • Three goals of a cyberattack: • Deface electronic information to spread disinformation and propaganda • Deny service to legitimate computer users • Commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data

  14. Understanding Security Principles • Ways information can be attacked: • Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet • Spies can use social engineering • Employees can guess other users’ passwords • Hackers can create back doors • Protecting against the wide range of attacks calls for a wide range of defense mechanisms

  15. Layering • Layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks • Information security likewise must be created in layers • All the security layers must be properly coordinated to be effective

  16. Layering (continued)

  17. Limiting • Limiting access to information reduces the threat against it • Only those who must use data should have access to it • Access must be limited for a subject (a person or a computer program running on a system) to interact with an object (a computer or a database stored on a server) • The amount of access granted to someone should be limited to what that person needs to know or do

  18. Limiting (continued)

  19. Diversity • Diversity is closely related to layering • You should protect data with diverse layers of security, so if attackers penetrate one layer, they cannot use the same techniques to break through all other layers • Using diverse layers of defense means that breaching one security layer does not compromise the whole system • Not just perimeter security • Possibly using different vendors • Increased administrative overhead

  20. Diversity (continued) • You can set a firewall to filter a specific type of traffic, such as all inbound traffic, and a second firewall on the same system to filter another traffic type, such as outbound traffic • Use application layer filtering by a Linux box before traffic hits the firewall • Use one device as the firewall and a different device as the spam filter • Using firewalls produced by different vendors creates even greater diversity • This could add some complexity

  21. Obscurity • Obscuring what goes on inside a system or organization and avoiding clear patterns of behavior make attacks from the outside difficult • Network Address Translation • Port Address Translation • Internal ports different from external • External port 80 -> Internal port 8080

  22. Simplicity • Complex security systems can be difficult to understand, troubleshoot, and feel secure about • The challenge is to make the system simple from the inside but complex from the outside

  23. Using Effective Authentication Methods • Information security rests on three key pillars: • Authentication • Access control (Authorization) • Auditing (Accounting) • Also Known as AAA

  24. Effective Authentication Methods • Authentication: • Process of providing identity • Can be classified into three main categories: what you know, what you have, what you are • Most common method: providing a user with a unique username and a secret password

  25. Username and Password • ID management: • User’s single authenticated ID is shared across multiple networks or online businesses • Attempts to address the problem of users having individual usernames and passwords for each account (thus, resorting to simple passwords that are easy to remember) • Can be for users and for computers that share data

  26. Disabling Nonessential Systems • First step in establishing a defense against computer attacks is to turn off all nonessential services • Disabling services that are not necessary restricts what attackers can use • Reducing the attack surface

  27. Disabling Nonessential Systems • A service can be set to one of the following modes: • Automatic • Manual • Disabled • Besides preventing attackers from attaching malicious code to services, disabling nonessential services blocks entries into the system

  28. Hardening Operating Systems • Hardening: process of reducing vulnerabilities • A hardened system is configured and updated to protect against attacks • Three broad categories of items should be hardened: • Operating systems • Applications that the operating system runs • Networks

  29. Hardening Operating Systems • You can harden the operating system that runs on the local client or the network operating system (NOS) that manages and controls the network, such as Windows Server 2003 or Novell NetWare

  30. Applying Updates • Operating systems are intended to be dynamic • As users’ needs change, new hardware is introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis • However, vendors release a new version of an operating system every two to four years • Vendors use certain terms to refer to the different types of updates.

  31. Applying Updates (continued) • A service pack (a cumulative set of updates including fixes for problems that have not been made available through updates) provides the broadest and most complete update • A hotfix does not typically address security issues; instead, it corrects a specific software problem

  32. Applying Updates (continued)

  33. Applying Updates (continued) • A patch or a software update fixes a security flaw or other problem • May be released on a regular or irregular basis, depending on the vendor or support team • A good patch management system: • Design patches to update groups of computers • Include reporting system • Download patches from the Internet • Distribute patches to other computers

  34. Securing the File System • Another means of hardening an operating system is to restrict user access • Generally, users can be assigned permissions to access folders (also called directories in DOS and UNIX/Linux) and the files contained within them

  35. Firmware Updates • RAM is volatile―interrupting the power source causes RAM to lose its entire contents • Read-only memory (ROM) is different from RAM in two ways: • Contents of ROM are fixed • ROM is nonvolatile―disabling the power source does not erase its contents

  36. Firmware Updates (continued) • ROM, Erasable Programmable Read-Only Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) are firmware (flash) • To erase an EPROM chip, hold the chip under ultraviolet light so the light passes through its crystal window • The contents of EEPROM chips can also be erased using electrical signals applied to specific pins

  37. Firmware Updates (continued) • To update a network device we copy over a new version of the OS software to the flash memory of the device. • This can be done via a TFTP server or a compact flash reader/writer • Router# copy tftp flash: • Having the firmware updated ensures the device is not vulnerable to bugs in the OS that can be exploited

  38. Network Configuration • You must properly configure network equipment to resist attacks • The primary method of resisting attacks is to filter data packets as they arrive at the perimeter of the network • In addition to making sure the perimeter is secure, make sure the device itself is secure by using strong passwords and encrypted connections • SSH instead of Telnet and console, vty passwords

  39. Configuring Packet Filtering • The User Datagram Protocol (UDP) provides for a connectionless TCP/IP transfer • TCP and UDP are based on port numbers • Socket: combination of an IP address and a port number • The IP address is separated from the port number by a colon, as in 198.146.118.20:80

  40. Network Configuration • Rule base or access control list (ACL): rules a network device uses to permit or deny a packet (not to be confused with ACLs used in securing a file system) • Rules are composed of several settings (listed on pages 122 and 123 of the text) • Observe the basic guidelines on page 124 of the text when creating rules

  41. Network Cable Plant • Cable plant: physical infrastructure of a network (wire, connectors, and cables) used to carry data communication signals between equipment • Three types of transmission media: • Coaxial cables • Twisted-pair cables • Fiber-optic cables

  42. Twisted-Pair Cables • Standard for copper cabling used in computer networks today, replacing thin coaxial cable • Composed of two insulated copper wires twisted around each other and bundled together with other pairs in a jacket

  43. Twisted-Pair Cables (continued) • Shielded twisted-pair (STP) cables have a foil shielding on the inside of the jacket to reduce interference • Unshielded twisted-pair (UTP) cables do not have any shielding • Twisted-pair cables have RJ-45 connectors

  44. Fiber-Optic Cables • Coaxial and twisted-pair cables have copper wire at the center that conducts an electrical signal • Fiber-optic cable uses a very thin cylinder of glass (core) at its center instead of copper that transmits light impulses • A glass tube (cladding) surrounds the core • The core and cladding are protected by a jacket

  45. Hardening Standard Network Devices • A standard network device is a typical piece of equipment that is found on almost every network, such as a workstation, server, switch, or router • This equipment has basic security features that you can use to harden the devices

  46. Switches and Routers • Switch • Most commonly used in Ethernet LANs • Receives a packet from one network device and sends it to the destination device only • Limits the collision domain (part of network on which multiple devices may attempt to send packets simultaneously) • A switch is used within a single network • Routers connect two or more single networks to form a larger network

  47. Hardening Network Security Devices • The final category of network devices includes those designed and used strictly to protect the network • Include: • Firewalls • Intrusion-detection systems • Network monitoring and diagnostic devices

  48. Firewalls • Typically used to filter packets • Designed to prevent malicious packets from entering the network or its computers (sometimes called a packet filter) • Typically located outside the network security perimeter as first line of defense • Can be software or hardware configurations

  49. Firewalls (continued) • Software firewall runs as a program on a local computer (sometimes known as a personal firewall) • Enterprise firewalls are software firewalls designed to run on a dedicated device and protect a network instead of only one computer • One disadvantage is that it is only as strong as the operating system of the computer

  50. Firewalls (continued) • Filter packets in one of two ways: • Stateless packet filtering: permits or denies each packet based strictly on the rule base • Stateful packet filtering: records state of a connection between an internal computer and an external server; makes decisions based on connection and rule base • Can perform content filtering to block access to undesirable Web sites
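The following Python toy, added here as an illustration of slides 39, 40 and 50 and not part of the original slides, applies a small rule base (ACL) to constructed packets first statelessly and then statefully, using IP:port sockets as the connection key; the rule set, the sample addresses and the Packet/StatefulFilter names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Set, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "in" (arriving from the Internet) or "out" (leaving the LAN)

def socket_str(ip: str, port: int) -> str:
    return f"{ip}:{port}"  # a socket: IP address and port separated by a colon, e.g. 198.146.118.20:80

# Rule base (ACL): (direction, destination port or None for any, action). First match wins; default deny.
RULES = [
    ("in", 80, "permit"),     # inbound web traffic to the server is allowed
    ("out", None, "permit"),  # any outbound connection from the LAN is allowed
]

def stateless_decision(pkt: Packet) -> str:
    """Stateless filtering: each packet is judged strictly against the rule base."""
    for direction, port, action in RULES:
        if pkt.direction == direction and port in (None, pkt.dst_port):
            return action
    return "deny"

class StatefulFilter:
    """Stateful filtering: remembers connections opened from inside, so the
    matching reply is permitted even though no rule allows it inbound."""
    def __init__(self):
        self.table: Set[Tuple[str, str]] = set()  # (internal socket, external socket)
    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            key = (socket_str(pkt.dst_ip, pkt.dst_port), socket_str(pkt.src_ip, pkt.src_port))
            if key in self.table:  # reply to a connection an internal host opened
                return "permit"
        action = stateless_decision(pkt)
        if action == "permit" and pkt.direction == "out":
            self.table.add((socket_str(pkt.src_ip, pkt.src_port), socket_str(pkt.dst_ip, pkt.dst_port)))
        return action

def demo() -> dict:
    # Constructed sample traffic; addresses are invented for illustration.
    outbound = Packet("10.0.0.5", 51515, "198.146.118.20", 80, "out")  # LAN host opens a web connection
    reply = Packet("198.146.118.20", 80, "10.0.0.5", 51515, "in")      # the server's reply
    probe = Packet("203.0.113.9", 4444, "10.0.0.5", 51515, "in")       # unsolicited inbound packet
    sf = StatefulFilter()
    return {"stateless_reply": stateless_decision(reply), "stateful_out": sf.decide(outbound),
            "stateful_reply": sf.decide(reply), "stateful_probe": sf.decide(probe)}
```

Run `demo()` to see that the stateless filter drops the server's reply (no rule permits inbound traffic to an ephemeral port) while the stateful filter permits it and still denies the unsolicited probe to the same port.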
