UNIT 3 SEMINAR
Unit 3 – Chapter 3 in CompTIA Security+
Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: Google chat - jmcdanolds; Email – [email protected]
Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET

Upload: blaise-morris

Post on 11-Jan-2016


Page 1: UNIT 3 SEMINAR Unit 3 Chapter 3 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+

UNIT 3 SEMINAR

Unit 3 – Chapter 3 in CompTIA Security+

Course Name – IT286-01 Introduction to Network Security
Instructor – Jan McDanolds, MS, Security+
Contact Information: Google chat - jmcdanolds; Email – [email protected]
Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET

Page 2

UNIT 3

Security in the news…

July 12, 2012 – Hackers post 450K credentials apparently pilfered from Yahoo

Yahoo appears to have been the victim of a security breach that yielded more than hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer’s network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain (Yahoo Voices), intended the data dump to be a “wake-up call.”
http://www.databreaches.net/?p=24724

Follow-up: Regulators criticize NYSEG for computer security breach

The New York State Public Service Commission (Commission) today received a report from Department of Public Service staff that both New York State Electric & Gas Corporation (NYSEG) and Rochester Gas & Electric (RG&E) failed to adequately protect confidential customer information from unauthorized access by outside parties.

In January 2012, NYSEG advised the Department that unauthorized parties had obtained access to confidential information of both NYSEG and RG&E customers, including Social Security Numbers, dates of birth, and in some cases, financial institution account information. http://www.databreaches.net/?p=24738

Page 3

UNIT 3

Security in the news…

Living a Lie - Identity Theft That Lasted Decades (10/1/2012)

When Florida Highway Patrol Trooper Richard Blanco—a member of the FBI’s Joint Terrorism Task Force (JTTF) in Jacksonville—interviewed an individual suspected of driver’s license fraud in 2011, he wasn’t initially sure if the man was the victim or the perpetrator of identity theft.

That’s because the man—now imprisoned and officially known as John Doe—had a stack of government-issued identification acquired during the 22 years he had been using a living victim’s identity. That included a passport, driver’s license, birth certificate, Social Security card, and identification allowing him unescorted access to a port and military installation.

http://www.fbi.gov/news/stories/2012/october/identity-theft-that-lasted-decades

Page 4

UNIT 3

Security in the news…

Information Technology Sector – DHS Daily Open Source Infrastructure Report

October 2, Softpedia – (International) Prolexic: ‘itsoknoproblembro’ DDoS attacks are highly sophisticated. Experts from Prolexic Technologies claim a new type of distributed denial-of-service (DDoS) attack has not only increased in size, but also reached a new level of sophistication. DDoS attacks have recently caused a lot of problems for organizations; in September, the sites of several financial institutions were disrupted as a result of such operations. Prolexic found that many of the recent attacks against their customers relied on the itsoknoproblembro DDoS toolkit. Prolexic recorded massive sustained floods, some of which peaked at 70 Gbps and over 30 million pps. Itsoknoproblembro includes a number of application layer and infrastructure attack vectors, such as UDP and SSL encrypted attack types, SYN floods, and ICMP. The botnet that powers these attacks contains a large number of legitimate IP addresses. This allows the attack to bypass the anti-spoofing mechanisms deployed by companies. The DHS Daily Open Source Infrastructure Report is collected each business day as a summary of open-source published information concerning significant critical infrastructure issues. https://www.dhs.gov/dhs-daily-open-source-infrastructure-report

Page 5

UNIT 2 REVIEW

What was covered in Unit 2…

Chapter 2 Review – Identifying Potential Risks
If you don’t know what you’re up against, how do you prepare…

Calculating Attack Strategies
Recognizing Common Attacks
Identifying TCP/IP Security Concerns
Understanding Software Exploitation
Understanding OVAL
Surviving Malicious Code
Understanding Social Engineering
Auditing Processes and Files

Page 6

UNIT 2 REVIEW

What was covered in Unit 2…

Chapter 2 - Identifying Potential Risks
Attack Strategies – the bad guys have one or more of these goals:

1. Access attack – access to resources
2. Modification or repudiation attack – modify information
3. Denial-of-service attack – disrupt the network, denying users access

Social engineering - preys on the trusting nature of people to breach security.

Auditing Processes and Files - security log files, security audit files

Page 7

CHAPTER 2 REVIEW

Common Attacks

Rapid Fire… Open your ebook file to Chapter 2. Quick definitions.

Type a brief definition.

#1 – What is a zombie? What runs on a zombie?

Page 8

CHAPTER 2 REVIEW

Common Attacks

Rapid Fire… (continued)

#2 - Name two…

Back Door Attacks

Page 9

CHAPTER 2 REVIEW

Common Attacks

Rapid Fire… (continued)

#3 – Name two types of…

Password guessing attacks

Page 10

CHAPTER 2 REVIEW

Common Attacks

Rapid Fire… (continued)

#4 – Give the TCP Port Number of …

SNMP, HTTPS, and DNS

Page 11

CHAPTER 1 REVIEW

General Security Concepts

Rapid Fire… (continued)

#2 - Name the…

Three components of Physical Security

Page 12

UNIT 3 - CHAPTER 3

Infrastructure and Connectivity
Protecting the flow of data…

Understanding Infrastructure Security
Understanding Network Infrastructure Devices
Monitoring and Diagnosing Networks
Securing Workstations and Servers
Understanding Mobile Devices
Understanding Remote Access
Securing Internet Connections
Understanding Network Protocols
Basics of Cabling, Wires and Communications
Employing Removable Media

Page 13

CHAPTER 3

Understanding Infrastructure Security

How information flows…

Hardware Components: Physical devices, such as routers, servers, firewalls, switches, workstations etc.

Software Components: Includes operating systems, applications, and management software

Example: NOC – Network Operations Center
AT&T Global Network Operations Center – http://www.corp.att.com/gnoc/

IP Backbone - AT&T has over 940,000 worldwide fiber-route miles, a worldwide network that includes 232,798 Wi-Fi hotspots, 16.4 million broadband connections in service, and more than 105 million wireless customers. The network carries approximately 33 petabytes of data on an average business day.

Page 14

CHAPTER 3

Field Trip…

Visit to Akamai Technologies‘ state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network. 20 minute video

ONLY first 3 minutes - view the entire tour later… http://www.akamai.com/html/technology/nocc.html

Real Time Monitoring

Page 15

CHAPTER 3

Network Infrastructure Devices

Firewall – the purpose is to isolate one network from another. Firewalls can be hardware, software, appliances, etc.

Types: Packet filter, proxy, stateful inspection

Hub
Switch
Router
Modem
Remote Access Services
Telecom/PBX Systems
Virtual Private Networks
Wireless Access Points
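The slide names packet filters and stateful inspection as firewall types without showing what the difference buys you. The following added example (not code from the course or the CompTIA text; the 10.0.0.0/24 "inside" network, the ports and the three packets are all constructed) models both: a stateless filter can only admit reply traffic by looking at header fields such as source port, while a stateful firewall remembers which connections the inside opened and admits inbound packets only when they belong to one of them.

```python
"""Toy model of a stateless packet filter versus a stateful-inspection
firewall. Added illustration, not from the course materials; all
addresses, ports and rules are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    sport: int          # source port
    dst: str            # destination IP address
    dport: int          # destination port
    syn: bool = False   # TCP SYN set: this packet opens a new connection


INSIDE_PREFIX = "10.0.0."   # constructed: the protected internal network
WEB_PORTS = {80, 443}       # the only outbound service this policy permits


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class PacketFilter:
    """Stateless: every packet is judged on its own header fields."""

    def allow(self, p: Packet) -> bool:
        # Rule 1: inside hosts may open web connections to the outside.
        if is_inside(p.src) and not is_inside(p.dst) and p.dport in WEB_PORTS:
            return True
        # Rule 2: replies arrive with source port 80/443, so a stateless filter
        # must admit inbound packets by source port alone. That rule also admits
        # any unsolicited packet that happens to carry such a source port.
        if not is_inside(p.src) and is_inside(p.dst) and p.sport in WEB_PORTS:
            return True
        return False


class StatefulFirewall:
    """Stateful inspection: records connections the inside initiated and
    admits inbound packets only as the reverse direction of one of them."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allow(self, p: Packet) -> bool:
        if is_inside(p.src) and not is_inside(p.dst) and p.dport in WEB_PORTS:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.syn:
                self.table.add(key)      # remember the new outbound connection
            return key in self.table
        if not is_inside(p.src) and is_inside(p.dst):
            # Inbound is allowed only if it reverses a tracked connection.
            return (p.dst, p.dport, p.src, p.sport) in self.table
        return False


def compare() -> dict:
    """Run the same three constructed packets through both firewall types."""
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)
    # Unsolicited inbound packet aimed at an internal SSH port, source port 443.
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 22)
    stateless, stateful = PacketFilter(), StatefulFirewall()
    return {
        "stateless": [stateless.allow(x) for x in (outbound, reply, unsolicited)],
        "stateful": [stateful.allow(x) for x in (outbound, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(compare())
```

The outbound request and its reply pass both firewalls; only the stateful one rejects the unsolicited inbound packet, because no inside host ever opened a connection to 198.51.100.7. A real stateful firewall also ages entries out of its table and tracks UDP and ICMP pseudo-connections, which this model omits.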

Page 16

CHAPTER 3

Monitoring/Diagnosing Networks
What you don’t know can hurt you…

Network Monitors (sniffers)
Intrusion Detection Systems - IDS (discussed later)

Field Trips…
http://learn-networking.com/network-security/three-archaic-backdoor-trojan-programs-that-still-serve-great-pranks

Back Orifice 2000 – be careful! http://support.microsoft.com/kb/237280

Nmap ("Network Mapper") is a free utility for network exploration or security auditing. http://nmap.org/

Password Crackers – http://sectools.org/crackers.html

Page 17

CHAPTER 3

Securing Workstations and Servers

Hardening systems:

Both workstations and servers are vulnerable.

Remove unused software, services and processes
Ensure that all workstations, servers and applications are up to date - patches, updates, fixes
Minimize information dissemination about the system

Ex: Lock down configuration settings, use group policies and security templates, disable unneeded functions, evaluate sharing services. Windows Server 2008 – Security Configuration Wizard
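"Remove unused services" only works if you can tell which services are actually listening and whether each one belongs on the host. The following added example (not from the course materials) turns that hardening step into a repeatable check: it parses the output of a Linux `ss -tlnp` listing, compares each listener against a baseline of what a given server role should expose, and reports everything else. The sample output and the baseline for a hypothetical web server are constructed for the example.

```python
"""Audit listening TCP services against an expected baseline. Added
example, not part of the course; the ss output below is constructed,
not captured from a real host."""
import re

# Constructed sample in the shape of `ss -tlnp` output.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
LISTEN 0      50     0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=455,fd=4))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=990,fd=20))
LISTEN 0      128    0.0.0.0:21          0.0.0.0:*         users:(("vsftpd",pid=600,fd=3))
"""

# Hypothetical baseline for a web-server role: port -> process expected there.
WEB_SERVER_BASELINE = {22: "sshd", 443: "nginx"}

LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"'
)


def parse_listeners(ss_output: str) -> list[dict]:
    """Extract (address, port, process) for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.append(
                {"addr": m.group(1), "port": int(m.group(2)), "proc": m.group(3)}
            )
    return listeners


def audit(listeners: list[dict], baseline: dict[int, str]) -> list[tuple]:
    """Return (port, process, finding) for every listener not in the baseline.

    A baseline match requires both the port and the process: a different
    program squatting on an expected port is still reported.
    """
    findings = []
    for l in listeners:
        if baseline.get(l["port"]) == l["proc"]:
            continue
        if l["addr"].startswith("127."):
            note = "loopback only: lower exposure, confirm it is needed"
        else:
            note = "not in baseline and reachable from the network: disable or remove"
        findings.append((l["port"], l["proc"], note))
    return findings


def audit_sample() -> list[tuple]:
    return audit(parse_listeners(SAMPLE_SS), WEB_SERVER_BASELINE)


if __name__ == "__main__":
    for port, proc, note in audit_sample():
        print(f"port {port:5d} {proc:10s} {note}")
```

On the constructed sample this flags telnetd on 23 and vsftpd on 21 as network-reachable services outside the baseline, and mysqld on 3306 as loopback-only for review. Run on a real host by feeding `ss -tlnp` output into `parse_listeners`; keep one baseline per server role and treat any new finding as a change to explain, not just a line to suppress.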

Page 18

CHAPTER 3

Understanding Mobile Devices

Who is connecting to your network through a wireless device?

Include pagers, PDAs, cell phones, etc.

WTLS layer (Wireless Transport Layer Security)
WAP (Wireless Access Protocol)
Wireless Session Protocol (WSP)

Page 19

CHAPTER 3

Understanding Remote Access

Point-to-Point Protocol (PPP) plus CHAP – Challenge Handshake Authentication Protocol

Tunneling Protocols
PPTP
L2F
L2TP
Secure Shell
IPSec (IP Security used with tunneling protocols)

802.1x Wireless Protocols
RADIUS
TACACS/TACACS+
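The slide pairs PPP with CHAP but does not show what the challenge handshake actually looks like. The following added example (not from the course materials) plays both sides of a CHAP exchange as defined in RFC 1994: the authenticator sends a random challenge with an identifier, the peer answers with MD5(identifier || secret || challenge), and the authenticator recomputes the same value to verify. The user name and secrets are constructed; the `Authenticator` and `Peer` classes are this example's own names, not a library API.

```python
"""CHAP (RFC 1994) challenge/response between a peer and an authenticator.
Added example, not course code; names and secrets are constructed."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5 over Identifier || Secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The access server side. Note that CHAP needs the shared secret in
    clear (or reversibly encrypted) on this side to recompute the hash."""

    def __init__(self, secrets: dict[str, bytes]) -> None:
        self.secrets = secrets          # user name -> shared secret
        self.ident = 0                  # one-byte Identifier, incremented per challenge
        self.pending: dict[str, tuple[int, bytes]] = {}

    def challenge(self, name: str) -> tuple[int, bytes]:
        self.ident = (self.ident + 1) & 0xFF
        chal = os.urandom(16)           # fresh random challenge every time
        self.pending[name] = (self.ident, chal)
        return self.ident, chal

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        if name not in self.pending or name not in self.secrets:
            return False
        ident, chal = self.pending.pop(name)    # a challenge is single use
        if identifier != ident:
            return False
        expected = chap_response(ident, self.secrets[name], chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """The dialling client side: it never sends the secret itself."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> tuple[str, int, bytes]:
        return self.name, identifier, chap_response(identifier, self.secret, challenge)


def run_exchange(auth: Authenticator, peer: Peer) -> bool:
    ident, chal = auth.challenge(peer.name)          # authenticator -> peer
    name, ident, resp = peer.respond(ident, chal)    # peer -> authenticator
    return auth.verify(name, ident, resp)


def demo() -> dict:
    auth = Authenticator({"alice": b"correct horse battery"})   # constructed
    good = Peer("alice", b"correct horse battery")
    wrong = Peer("alice", b"not the secret")
    results = {
        "good_secret": run_exchange(auth, good),
        "wrong_secret": run_exchange(auth, wrong),
    }
    # Replay: a response recorded from one exchange is useless against a later
    # challenge, because the challenge value changed.
    ident, chal = auth.challenge("alice")
    _, _, recorded = good.respond(ident, chal)
    auth.verify("alice", ident, recorded)            # the original, valid use
    new_ident, _ = auth.challenge("alice")
    results["replayed_response"] = auth.verify("alice", new_ident, recorded)
    return results


if __name__ == "__main__":
    print(demo())
```

The exchange shows why CHAP was an improvement over PAP's cleartext password, and also its limits: the secret must be stored recoverably on the authenticator, and MD5 makes a captured challenge/response pair a target for offline guessing if the secret is weak, which is why modern remote access moves to EAP methods inside TLS.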

Page 20

CHAPTER 3

Securing Internet Connections

Ports and Sockets

E-mail
  E-mail protocols
    SMTP
    POP/POP3
    IMAP
  E-mail vulnerabilities
    SPAM
    Hoaxes

Web
  Secure web connections
    SSL/TLS
    HTTP/S
  Web vulnerabilities
    ActiveX
    Buffer Overflows
    CGI
    Cookies
    Cross-site Scripting (XSS)
    Input validation
    Java Applets
    JavaScript
    Popups
    Signed Applets
    SMTP Relay

FTP
  Blind/Anonymous FTP
  Secure FTP
  Sharing Files
  Vulnerabilities

Page 21

CHAPTER 3

Securing Internet Connections

ISPs like Akamai, AT&T, etc. protect data transmissions from attack

Example: State of the Internet Report

Each quarter, Akamai publishes a "State of the Internet" report. This report includes data gathered across Akamai's global server network about attack traffic, average and maximum connection speeds, Internet penetration and broadband adoption, and mobile usage, as well as trends seen in this data over time.

Posted in Doc Sharing – .pdf shows slides of report

http://www.akamai.com/stateoftheinternet/

Page 22

CHAPTER 3

Ports, Sockets and Sniffers

Port Scanners: http://sectools.org/port-scanners.html

Packet Sniffers: http://sectools.org/sniffers.html
http://www.wireshark.org/download.html

Vulnerability Scanners: http://sectools.org/tag/vuln-scanners/

Page 23

CHAPTER 3

SNMP and Other TCP/IP Protocols

Simple Network Management Protocol (SNMP)
Internet Control Message Protocol (ICMP)
Internet Group Message Protocol (IGMP)

ICMP vulnerability - A denial of service vulnerability exists that could allow an attacker to send a specially crafted Internet Control Message Protocol (ICMP) message to an affected system.

http://www.securiteam.com/exploits/5SP0N0AFFU.html
http://www.securiteam.com/securitynews/

Page 24

CHAPTER 3

Cabling, Wires and Communications

Coax
Unshielded and Shielded Twisted Pair (UTP/STP)
Fiber Optic
Infrared
Radio Frequency
Microwave

Page 25

CHAPTER 3

Removable Media

Data on the move…

CD-R/DVD-R
Diskettes
Flash Cards
Hard Drives
Network Attached Storage
Smart Cards
Tape
Thumb Drives

Page 26

UNIT 3

Unit 3 Assignment

1. Explain the vulnerabilities and mitigations associated with network devices (hardware).
2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc.

Page 27

UNIT 3

Unit 3 Assignment

1. Explain the vulnerabilities and mitigations associated with network devices (hardware). At least five devices – firewall, router, switch, etc.

Example: discuss how a router works, how it is vulnerable to attack/malfunction, AND how it can be protected. One paragraph for each of five devices.

2. Explain the vulnerabilities and mitigations associated with various transmission media such as coax, UTP, fiber, etc. At least one paragraph on these three.