
UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information:


1 UNIT 4 SEMINAR
- Unit 4 Chapter 4 in CompTIA Security +
- Course Name – IT286-01 Introduction to Network Security
- Instructor – Jan McDanolds, MS
- Contact Information: AIM – JMcDanolds
- Email – jmcdanolds@kaplan.edu
- Office Hours: Tuesday 4:00 PM ET and Wednesday 6:00 PM ET

2 CHAPTER 4 OVERVIEW
Monitoring Activity and Intrusion Detection
- Monitoring the Network
- Understanding Intrusion Detection Systems
- Working with Wireless Systems
- Understanding Instant Messaging Features
- Working with 8.3 File Naming
- Understanding Protocol Analyzers
- Understanding Signal Analysis and Intelligence
- Footprinting
- Scanning

3 CHAPTER 4 Monitoring the Network
- Monitoring – what is it? Who does it? Why do you need to know how to do it?
- Types of Network Traffic
  - TCP/IP
  - Novell - IPX/SPX and NDS/eDirectory
  - Microsoft - NetBIOS/NetBEUI and WINS
  - Network File System (NFS)
  - Apple
- Monitoring Network Systems – tap locations

4 CHAPTER 4 Real Time Monitoring
There are many scanning and monitoring tools
- Freeware:
  - Ethereal - http://ethereal.com/
  - Ethereal works on Windows XP - you will need to install WinPcap http://www.winpcap.org/
  - Wireshark - http://wiki.wireshark.org/
- One example of vendor products:
  - NetScanTools Basic is a free download
  - NetScanTools Pro is $249 less 20% for education discount.
  - NetScanTools http://www.netscantools.com/

5 CHAPTER 4 Real Time Monitoring
Field Trip…
- Visit to Akamai Technologies’ state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts.
- The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network.
- Left hand side of screen – 20 minute video ONLY first 3 minutes - you can view the entire tour later…
- http://www.akamai.com/html/technology/nocc.html

6 CHAPTER 4 Real Time Monitoring
Field Trip…
- Ethical Hacking How To: Tutorial on ARP Scanning to Discover ALL Local Devices
  - http://www.netscantools.com/videos.html
  - http://www.youtube.com/watch?v=ClM2UgQpEPA
- Later… Visit to the “Case of the Disappearing Sales Calls”. Outlines how a sales rep’s traffic indicated how she spent time at work. Betty DeBois
  - http://www.cacetech.com/resources.html
  - http://www.cacetech.com/media/network_mysteries/disappearing_sales_calls/

7 CHAPTER 4 Intrusion Detection Systems
Terms – pg 180 to 190
- Intrusion detection systems (IDS)
- Two primary approaches: signature-based and anomaly-based
- Signature-based - misuse-detection IDS (MD-IDS)
- Anomaly-detection IDS (AD-IDS)
- Network-based IDS (N-IDS)
- Passive Response
- Active Response
- Host-based IDS (H-IDS)
- NIPS – Network Intrusion Prevention Systems

8 CHAPTER 4 Intrusion Detection Systems
- Software, hardware, managed IDS
- Symantec, Cisco, McAfee, IBM, etc.
- Open source: Snort: Everyone's favorite open source IDS
- Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.
- Etc.

9 CHAPTER 4 Using Honeypots
- What is a honeypot? A computer that is designated as a target for computer attacks and is used to gather information about the attacker.
- SANS article http://www.sans.org/security-resources/idfaq/honeypot3.php

10 CHAPTER 4 Understanding Incident Response
- Step 1: Identifying the Incident
- Step 2: Investigating the Incident
- Step 3: Repairing the Damage
- Step 4: Documenting and Reporting the Response
- Step 5: Adjusting Procedures

11 CHAPTER 4 Working with Wireless Systems
- Wireless Transport Layer Security (WTLS)
- IEEE 802.11x Wireless Protocols
- WEP/WAP
- Wireless Vulnerabilities
- Wireless Intrusion Detection System (WIDS)
  - Motorola - http://www.airdefense.net/
  - http://www.wildpackets.com/

12 CHAPTER 4 Instant Messaging
- IM Vulnerabilities
- Controlling Privacy

13 CHAPTER 4 Working with 8.3 File Naming
- Carryover from the days of FAT
- Common file extensions for executables

14 CHAPTER 4 Understanding Protocol Analyzers
- Protocol analyzing and packet sniffing are interchangeable terms
- Sniffing is the process of monitoring data transmitted across a network
- Instant Messaging is susceptible to sniffing

15 CHAPTER 4 Signal Analysis and Signal Intelligence
- Footprinting
- Scanning

16 CHAPTER 4 SUMMARY
Monitoring versus Auditing
- External monitoring – Internal monitoring
- Audit Logs - User privileges, file access, sensitive folders (examples)
- Real-time versus alert-based, regularly required audit log analysis
- More on Auditing later - discussed in a later chapter.

17 CHAPTER 4 Unit 4 Assignment
Unit 4 Project - Three questions, each at least one page.
1. Using your favorite Internet search tool, search out and evaluate three protocol analyzers. List advantages and disadvantages for each of the three selected.
2. Examine honeypots in terms of system monitoring. Do you feel these are a benefit, or are they not worth the time/risk/expense? Defend your position.
3. Compare and contrast footprinting and scanning. Describe defense measures you can take as a network administrator to defend against each.
APA Style – Title Page, Reference Page. Where did you find your info?
Questions?

