Presentation is loading. Please wait.

Presentation is loading. Please wait.

© SYBEX Inc. 2008. All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”

Published byBuddy Kennedy Modified over 7 years ago

Similar presentations

Presentation on theme: "© SYBEX Inc. 2008. All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”"— Presentation transcript:

1 © SYBEX Inc. 2008. All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”

2 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

3 © SYBEX Inc. 2008. All Rights Reserved. Types of Attacks Access attack – someone who should not be able to wants to access your resources Modification and repudiation attack – someone wants to modify information in your systems Denial of Service (DoS) attack – an attempt to disrupt your network and services

4 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

5 © SYBEX Inc. 2008. All Rights Reserved. Recognizing Common Attacks Back Door Attacks Spoofing Attacks Man-in-the-Middle Attacks Replay Attacks Password Guessing Attacks Privilege Escalation

6 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

7 © SYBEX Inc. 2008. All Rights Reserved. Security Concerns and TCP/IP Overview of Protocol Suite –Application Layer –Host-to-host or Transport Layer –Internet Layer –Network Interface Layer Protocols and Services –Ports –TCP Three-way handshake –Application Interfaces

8 © SYBEX Inc. 2008. All Rights Reserved. Security Concerns and TCP/IP (cont.) TCP/IP Attacks –Sniffing the Network –Scanning Ports –TCP attacks TCP SYN or TCP ACK Flood Attack TCP Sequence Number Attack TCP/IP Hijacking –UDP attacks ICMP Attacks Smurf Attacks ICMP Tunneling

9 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

10 © SYBEX Inc. 2008. All Rights Reserved. Software Exploitation Database exploitation Application exploitation E-mail exploitation Spyware Rootkits

11 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

12 © SYBEX Inc. 2008. All Rights Reserved. OVAL Open Vulnerability and Assessment Language A community written standard in XML to promote open and publicly available security content Consists of: –A language –An interpreter –A repository

13 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

14 © SYBEX Inc. 2008. All Rights Reserved. Surviving Malicious Code Viruses Trojan horses Logic Bombs Worms Antivirus software

15 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

16 © SYBEX Inc. 2008. All Rights Reserved. Social Engineering Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. Preys on the trusting nature of people to breach security. Can be prevented through training and standard security policies.

17 © SYBEX Inc. 2008. All Rights Reserved. Chapter 2: Identifying Potential Risks Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

18 © SYBEX Inc. 2008. All Rights Reserved. Auditing Processes and Files Security log files Security audit files Vulnerability scanner

Download ppt "© SYBEX Inc. 2008. All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”"

Similar presentations

© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.

CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.
OV 2- 1 Copyright © 2005 Element K Content LLC. All rights reserved. Security Threats  Social Engineering  Software-based Threats  Hardware-based Threats.

OV 2- 1 Copyright © 2005 Element K Content LLC. All rights reserved. Security Threats  Social Engineering  Software-based Threats  Hardware-based Threats.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Handling Security Incidents

Handling Security Incidents
Network Attack and Defense

Network Attack and Defense
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.
Network Threats and Mitigation Networking Essentials Chapter 14 Spring, 2013.

Network Threats and Mitigation Networking Essentials Chapter 14 Spring, 2013.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
DDos Distributed Denial of Service Attacks by Mark Schuchter.

DDos Distributed Denial of Service Attacks by Mark Schuchter.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Eleventh Edition 1 Introduction to Information Systems Essentials for the Internetworked E-Business Enterprise Irwin/McGraw-Hill Copyright © 2002, The.

Eleventh Edition 1 Introduction to Information Systems Essentials for the Internetworked E-Business Enterprise Irwin/McGraw-Hill Copyright © 2002, The.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Similar presentations

Ads by Google