© SYBEX Inc. 2008. All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”

Presentation transcript:

Chapter 2: Identifying Potential Risks
– Calculating Attack Strategies
– Recognizing Common Attacks
– Identifying TCP/IP Security Concerns
– Understanding Software Exploitation
– Understanding OVAL
– Surviving Malicious Code
– Understanding Social Engineering
– Auditing Processes and Files

Types of Attacks
– Access attack – someone who should not be able to wants to access your resources
– Modification and repudiation attack – someone wants to modify information in your systems
– Denial of Service (DoS) attack – an attempt to disrupt your network and services

Recognizing Common Attacks
– Back Door Attacks
– Spoofing Attacks
– Man-in-the-Middle Attacks
– Replay Attacks
– Password Guessing Attacks
– Privilege Escalation

Security Concerns and TCP/IP
– Overview of Protocol Suite
  – Application Layer
  – Host-to-host or Transport Layer
  – Internet Layer
  – Network Interface Layer
– Protocols and Services
  – Ports
  – TCP Three-way handshake
  – Application Interfaces

Security Concerns and TCP/IP (cont.)
– TCP/IP Attacks
  – Sniffing the Network
  – Scanning Ports
  – TCP attacks
    – TCP SYN or TCP ACK Flood Attack
    – TCP Sequence Number Attack
    – TCP/IP Hijacking
  – UDP attacks
    – ICMP Attacks
    – Smurf Attacks
    – ICMP Tunneling

Software Exploitation
– Database exploitation
– Application exploitation
– exploitation
– Spyware
– Rootkits

OVAL
– Open Vulnerability and Assessment Language
– A community written standard in XML to promote open and publicly available security content
– Consists of:
  – A language
  – An interpreter
  – A repository

Surviving Malicious Code
– Viruses
– Trojan horses
– Logic Bombs
– Worms
– Antivirus software

Social Engineering
– Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization.
– Preys on the trusting nature of people to breach security.
– Can be prevented through training and standard security policies.

Auditing Processes and Files
– Security log files
– Security audit files
– Vulnerability scanner