
1 This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher. All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.

5.4 Security Software
CompTIA Server+ Certification (Exam SK0-004)

2 Objectives
Understand the role of security software such as anti-malware, IDS, and NAC
Diagnose and troubleshoot security issues
5.4 Security Software 416

3 Malware
Privilege escalation
Malware symptoms
  o Computer fails to boot / locks up
  o File system corrupted or deleted
  o Date stamps and file sizes of infected files change
  o Permissions attributes of files change, resulting in "Access Denied" errors
  o New executable files (EXEs and DLLs) appear
  o Strange messages or graphics appear on the screen
  o Security applications or services stop working
  o Applications or Windows tools stop working or crash frequently
  o Performance at startup or generally is very slow - excessive use of CPU and memory resources by suspicious processes
  o Network performance is slow or Internet connections are disrupted

4 Anti-virus / Anti-malware Software
Virus identification
Removal / quarantine
Policies

5 File Integrity Issues
File system integrity
  o sfc
  o ReFS
  o SecureCheq
  o AIDE
Downloaded files
  o Checksums
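Added example (not part of the original courseware): a minimal baseline-and-compare check in the spirit of the file integrity tools listed on slide 5, reporting the kinds of file changes slide 3 lists as malware symptoms (new executables, changed sizes, date stamps and permissions). The function names and sample files are constructed for illustration; this is not how sfc or AIDE are implemented.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Record size, mtime, mode and SHA-256 for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            db[os.path.relpath(path, root)] = {"size": st.st_size, "mtime": st.st_mtime_ns,
                "mode": stat.S_IMODE(st.st_mode), "sha256": h.hexdigest()}
    return db

def compare(baseline, current):
    """Return {path: [reasons]} for added, removed and altered files."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report[path] = ["added"]
        elif new is None:
            report[path] = ["removed"]
        else:
            changed = [k for k in ("size", "mtime", "mode", "sha256") if old[k] != new[k]]
            if changed:
                report[path] = changed
    return report

def demo():
    """Constructed sample tree: take a baseline, tamper with it, then re-scan."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("app.exe", b"MZ original"), ("readme.txt", b"hello")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b" appended bytes")                      # size and hash change
        with open(os.path.join(root, "helper.dll"), "wb") as f:
            f.write(b"MZ new file")                          # new executable appears
        os.chmod(os.path.join(root, "readme.txt"), 0o400)    # permissions change
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored offline or read-only, because a baseline that malware can rewrite proves nothing.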

6 Preventive Measures
Configure and update security software
Audit permissions

7 Intrusion Detection Systems
Real-time analysis of network traffic
Network IDS (NIDS)
  o Sensor inside firewall
  o Spanned port on switch
  o Passive detection
  o Limited prevention

8 Unified Threat Management
Unified Threat Management
  o Intrusion detection / prevention
  o Malware scanning
  o Firewall
  o Traffic filtering
Intrusion Detection and Prevention Systems (IDP / IPS)
  o Throttle bandwidth
  o Reconfigure firewall
  o Rewrite packets

9 Host Intrusion Detection

10 Analysis Engine
Signature-based
  o Must be updated with latest definitions
  o Many attacks do not conform to specific signatures
Behavior-based (statistical / profile)
  o Train sensor to recognize baseline “normal” behavior
  o Heuristics (learning from experience)
  o Statistical model of behavior
  o Tuning period
  o High error rates
Anomaly-based
  o Identify traffic that is non-compliant with RFCs

11 Endpoint Security
Defense-in-depth
Device control
Physical port security
MAC address filtering and limiting
  o DHCP snooping
IEEE 802.1X
  o Port-based Network Access Control (PNAC)

12 Network Access Control

13 Vulnerability Assessments
Vulnerability assessment
  o In-depth analysis of security systems and policies
Pentest
  o Attack on live or test system
Either can be disruptive to a production network

14 Vulnerability Scanners
Software configured with list of known exploits / vulnerabilities
Active or passive detection
Host / OS or web application

15 Packet Sniffers

16 Review
Understand the role of security software such as anti-malware, IDS, and NAC
Diagnose and troubleshoot security issues

