UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:

Presentation transcript:

UNIT 4 SEMINAR
Unit 4 Chapter 4 in CompTIA Security +
Course Name – IT Introduction to Network Security
Instructor – Jan McDanolds, MS
Contact Information: AIM – JMcDanolds –
Office Hours: Tuesday 4:00 PM ET and Wednesday 6:00 PM ET

CHAPTER 4 OVERVIEW
Monitoring Activity and Intrusion Detection
- Monitoring the Network
- Understanding Intrusion Detection Systems
- Working with Wireless Systems
- Understanding Instant Messaging Features
- Working with 8.3 File Naming
- Understanding Protocol Analyzers
- Understanding Signal Analysis and Intelligence
  - Footprinting
  - Scanning

CHAPTER 4 Monitoring the Network
- Monitoring – what is it? Who does it? Why do you need to know how to do it?
- Types of Network Traffic
  - TCP/IP
  - Novell - IPX/SPX and NDS/eDirectory
  - Microsoft - NetBIOS/NetBEUI and WINS
  - Network File System (NFS)
  - Apple
- Monitoring Network Systems – tap locations

CHAPTER 4 Real Time Monitoring
There are many scanning and monitoring tools
Freeware:
- Ethereal - Ethereal works on Windows XP - you will need to install WinPcap
- Wireshark -
One example of vendor products:
- NetScanTools Basic is a free download
- NetScanTools Pro is $249 less 20% for education discount.
- NetScanTools

CHAPTER 4 Real Time Monitoring
Field Trip…
- Visit to Akamai Technologies' state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network.
- Left hand side of screen – 20 minute video. ONLY first 3 minutes - you can view the entire tour later…

CHAPTER 4 Real Time Monitoring
Field Trip…
- Ethical Hacking How To: Tutorial on ARP Scanning to Discover ALL Local Devices
- Later… Visit to the “Case of the Disappearing Sales Calls”. Outlines how a sales rep’s traffic indicated how she spent time at work. Betty DeBois

CHAPTER 4 Intrusion Detection Systems
Terms – pg 180 to 190
- Intrusion detection systems (IDS)
- Two primary approaches: signature-based and anomaly-based
  - Signature-based - misuse-detection IDS (MD-IDS)
  - Anomaly-detection IDS (AD-IDS)
- Network-based IDS (N-IDS)
- Passive Response
- Active Response
- Host-based IDS (H-IDS)
- NIPS – Network Intrusion Prevention Systems

CHAPTER 4 Intrusion Detection Systems
- Software, hardware, managed IDS
- Symantec, Cisco, McAfee, IBM, etc.
- Open source: Snort: Everyone's favorite open source IDS
- Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.
- Etc.

CHAPTER 4 Using Honeypots
- What is a honeypot? A computer that is designated as a target for computer attacks and is used to gather information about the attacker.
- SANS article

CHAPTER 4 Understanding Incident Response
- Step 1: Identifying the Incident
- Step 2: Investigating the Incident
- Step 3: Repairing the Damage
- Step 4: Documenting and Reporting the Response
- Step 5: Adjusting Procedures

CHAPTER 4 Working with Wireless Systems
- Wireless Transport Layer Security (WTLS)
- IEEE x Wireless Protocols
- WEP/WAP
- Wireless Vulnerabilities
- Wireless Intrusion Detection System (WIDS)
- Motorola

CHAPTER 4 Instant Messaging
- IM Vulnerabilities
- Controlling Privacy

CHAPTER 4 Working with 8.3 File Naming
- Carryover from the days of FAT
- Common file extensions for executables

CHAPTER 4 Understanding Protocol Analyzers
- Protocol analyzing and packet sniffing are interchangeable terms
- Sniffing is the process of monitoring data transmitted across a network
- Instant Messaging is susceptible to sniffing

CHAPTER 4 Signal Analysis and Signal Intelligence
- Footprinting
- Scanning

CHAPTER 4 SUMMARY
- Monitoring versus Auditing
- External monitoring – Internal monitoring
- Audit Logs - User privileges, file access, sensitive folders (examples)
- Real-time versus alert-based, regularly required audit log analysis
- More on Auditing later - discussed in a later chapter.

CHAPTER 4 Unit 4 Assignment
Unit 4 Project - Three questions, each at least one page.
1. Using your favorite Internet search tool, search out and evaluate three protocol analyzers. List advantages and disadvantages for each of the three selected.
2. Examine honeypots in terms of system monitoring. Do you feel these are a benefit or are they not worth the time/risk/expense? Defend your position.
3. Compare and contrast footprinting and scanning. Describe defense measures you can take as a network administrator to defend against each.
APA Style – Title Page, Reference Page. Where did you find your info.
Questions?