Unit 5 Seminar: Chapter 5 in CompTIA Security+
Course Name: IT Introduction to Network Security
Instructor: Jan McDanolds, MS, Security+
Contact Information: AIM – JMcDanolds
Office Hours: Tuesday, 7:00 PM ET or Wednesday, 8:00 PM ET
Chapter 4 Overview: What we covered last week
Monitoring Activity and Intrusion Detection
Monitoring the Network
Understanding Intrusion Detection Systems (IDS)
Working with Wireless Systems
Understanding Instant Messaging Features (IM)
Working with 8.3 File Naming
Understanding Protocol Analyzers (sniffers)
Understanding Signal Analysis and Intelligence
Footprinting
Scanning
Chapter 4 Review: Quick check of concepts…
Quickly type your response to these questions (example: type #1 and then your answer).
#1 What is NFS and why do we care?
#2 With IDS there is a data source. What makes up the raw information in the data source?
#3 Name a problem with Host-Based IDS.
#4 Bonus: Why should you discard WEP for WPA2?
Chapter 5 Overview: Implementing and Maintaining a Secure Network
Overview of Network Security Threats
Defining Security Baselines
Hardening the OS (operating system) and NOS (network operating system)
Hardening Network Devices
Hardening Applications
Chapter 5 Network Security Threats
What should you do to learn about national/international security threats?
CERT Coordination Center (CERT/CC)
US Computer Emergency Readiness Team (US-CERT)
Field Trip….. In the left side menu, go down to Severity Metric.
Example: Vulnerability Note VU# Cisco Tandberg E, EX, and C Series default root credentials: “An attacker may be able to gain complete administrative control of the device.”
Chapter 5 Network Security Threats (continued)
Department of Homeland Security – Daily Reports
DHS Daily Open Source Infrastructure Report: “The DHS Daily Open Source Infrastructure Report is collected each business day as a summary of open-source published information concerning significant critical infrastructure issues. Each Daily Report is divided by the critical infrastructure sectors and key assets defined in the National Infrastructure Protection Plan.”
Type the heading of a current Information Technology Sector issue.
Select the date and, when the .pdf opens, go to Information Technology Sector from the Services menu.
Chapter 5 Network Security Threats (continued)
SANS – The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization, now worldwide.
SANS Internet Storm Center (ISC)
Also: Tools List – Laptop at Security Conferences (next page)
Stormcasts are daily 5-10 minute threat updates.
Podcast Field Trip….. ISC StormCast for Thursday, May 17th 2012
Chapter 5 Network Security Threats (continued)
Laptop at Security Conferences
Published: , Last Updated: :31:16 UTC by Chris Mohan (Version: 1)
“I’m often curious what other security folks do to keep their machine safe when they go to IT conferences. I often see what looks like standard office machines being used and wonder if any precautions have been taken. So here’s what I do and I’d love to find out what other measures you take. I’m about to spend a few days at a large security conference, so I’m just putting the finishing touches to the laptop I’m taking with me.”
Chapter 5 Network Security Threats (continued)
SANS Newsletters: spend fifteen minutes a day keeping up with the high-level perspective of all the latest security news.
Field Trip…..
SANS NewsBites – slide down to Archive. NewsBites is a semiweekly executive summary of news articles published on computer security during the last week.
@Risk – select Archive, then Date, and then go down the page.
OUCH! – select Archive: Disposing of computers…
Chapter 5 Network Security Threats (continued)
SANS NewsBites: Man Pleads Guilty to US $1.3 Million Phishing Scam (8th May 2012)
A 31 year old US man from Atlanta, Georgia, pleaded guilty to his part in a phishing ring responsible for defrauding people of over US $1.3 million. Waya Nwaki, also known as "Shawn Conley," "USAprince12k," and "Prince Abuja", pleaded guilty to charges of wire fraud conspiracy, wire fraud, aggravated identity theft and computer fraud conspiracy. He could face up to 47 years in prison and a fine of US $250,000 for each count. According to the indictment filed with the U.S. District Court in New Jersey, Nwaki was part of an international gang of fraudsters with others named in the scheme as Karlis Karklins of Latvia; Charles Umeh Chidi of the United Kingdom; Alphonsus Osuala and Osarhieme Uyi Obaygbona of Atlanta; Marvin Dion Hill of College Park, Ga.; and Olani Yi Jones of Nigeria.
a-man-admits-role-million-global-cyberscam/
Chapter 5 Network Security Threats (continued)
Read about current topics in security magazines:
SC Magazine
Information Security Magazine
Network Security Magazine
Info Security Magazine
Chapter 5 Network Security Threats (continued)
Listen to podcasts (see the black bar under the title, hit the triangle):
Interview with Chris Novak (May 11, 2012), 15 minutes – Improving Breach Investigations. In short, organizations need to know where data is stored and what it comprises. But Novak says most organizations have too much data and in too many places to manage. "Many organizations just struggle with understanding the picture of the data problem," says Novak, a member of Verizon's investigative response team. "They don't necessarily know where they have data ... and how it's being handled."
Fraud Fighters Wanted (July 5, 2011), 13 minutes – Global Threats Create Boom Times for Fraud Examiners. Today's top fraud threats recognize no global boundaries, says James Ratley, head of the Association of Certified Fraud Examiners. And they require a stronger global workforce than ever before.
Chapter 5 Nessus and Nmap
Nessus – a vulnerability scanner that was free and open source until its source code was closed in 2005 and the free "registered feed" version was removed in 2008.
Nmap ("Network Mapper") – a free and open source utility for network exploration or security auditing.
Chapter 5 Security Baselines (back to the book, pg 222)
What is a security baseline? “The base level of security that will be implemented and maintained.”
Depending on the environment, baseline security may include layers of protection, such as encryption, filtering, access control lists, authorization and authentication, and other security functions.
Tools to help – Baseline: demo to explain product.
Chapter 5 Security Baselines (continued)
Microsoft tools for baselines: Microsoft Security TechCenter
Microsoft Security Compliance Manager (SCM) – “baselines are based on Microsoft Security guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.”
Microsoft Baseline Security Analyzer (MBSA)
Security Configuration Wizard (SCW) – an attack-surface reduction tool included with Windows Server 2008 R2. SCW guides administrators in creating security policies based on the minimum functionality required for a server's role or roles.
Chapter 5 Security Baselines: Common Criteria (CC)
Evaluation Assurance Levels (EALs):
EAL 1
EAL 2
EAL 3
EAL 4 – recommended for commercial systems (e.g., Windows 7)
EAL 5
EAL 6
EAL 7
Chapter 5 Hardening the OS and NOS
Configuring Network Protocols
Hardening Microsoft Windows Vista/Windows 7
Hardening Microsoft Windows XP
Hardening Windows Server 2003/Server 2008
Hardening Windows Server 2000
Hardening Unix/Linux
Hardening Novell NetWare
Hardening Apple Macintosh
Chapter 5 Hardening the OS and NOS (continued)
Windows Service Hardening restricts critical Windows services from performing abnormal activities in the file system, registry, network or other areas that could be exploited by malware.
Example: install Windows Server 2008 as a Server Core installation. Server Core provides a minimal environment for running specific server roles, reducing maintenance and management requirements and the attack surface.
Windows services represent a large percentage of the overall attack surface. Windows Server 2008 limits the number of services that are running and operational by default.
Security Configuration Wizard – examines the server's roles and adjusts the security policy to those roles.
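One way to make the "configuration drift" idea from the Security Compliance Manager slide and the "services are attack surface" point above concrete is to record which services a hardened build runs and then check later builds against that record. The PowerShell below is an added example, not code from the slides, the textbook or Microsoft; the baseline file path is a placeholder, and the StartType property it reads requires Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the course slides): snapshot the Windows services on a
# hardened build as a baseline, then compare a later snapshot against it to
# surface configuration drift. The baseline path is an assumption for illustration.
$BaselinePath = 'C:\Baselines\services-baseline.xml'   # hypothetical location

function Save-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    # Record name, display name, current status and start type of every service.
    Get-Service |
        Select-Object Name, DisplayName, Status, StartType |
        Export-Clixml -Path $Path
}

function Compare-ServiceBaseline {
    param([string]$Path = $BaselinePath)
    $baseline = Import-Clixml -Path $Path
    $current  = Get-Service | Select-Object Name, DisplayName, Status, StartType

    # Services running now that were not running in the baseline: each one is
    # either newly installed or was enabled after the baseline was taken.
    $baseRunning = $baseline | Where-Object Status -eq 'Running' | ForEach-Object Name
    $newRunning  = $current  | Where-Object { $_.Status -eq 'Running' -and $_.Name -notin $baseRunning }

    # Services whose start type changed (for example Disabled -> Automatic),
    # which widens the attack surface even if the service is stopped right now.
    $startTypeChanged = foreach ($svc in $current) {
        $old = $baseline | Where-Object Name -eq $svc.Name
        if ($old -and $old.StartType -ne $svc.StartType) {
            [pscustomobject]@{ Name = $svc.Name; Was = $old.StartType; Now = $svc.StartType }
        }
    }

    [pscustomobject]@{
        NewlyRunning     = $newRunning
        StartTypeChanged = $startTypeChanged
    }
}

# Usage: run Save-ServiceBaseline once on the freshly hardened build (for example a
# Server Core installation after SCW has applied the role policy), then run
# Compare-ServiceBaseline on a schedule; any non-empty result is drift to review.
```

The comparison is deliberately one-directional for the "newly running" check: a service that the baseline had running but is now stopped is a reliability question, not an attack-surface increase, so it is not flagged here, while a changed start type is flagged regardless of current status.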
Chapter 5 Hardening the OS and NOS (continued)
Hardening Filesystems: NTFS, Unix NFS, Apple AFS
Updating Your Operating System: Hotfixes, Service Packs and Support Packs, Patches
Microsoft Patch Tuesday: Monthly Security Bulletins
Articles – Help: I Got Hacked. Now What Do I Do? Jesper M. Johansson, Ph.D., CISSP, MCSE, MCP+I, Security Program Manager, Microsoft Corporation: “After the very long Patch Management article last month, this month’s article is much shorter and to the point. Let’s just say you did not install the patches like we discussed last month. Now you got hacked. What to do?”
Chapter 5 Hardening Network Devices
Updating Network Devices
Configuring Routers and Firewalls
Patches and Updates for Routers and Firewalls
Enabling/Disabling Services and Protocols
Working with Access Control Lists (ACLs)
Chapter 5 Application Hardening (cont)
Web Servers – IIS, Apache, anonymous access, executable scripts, uploads, etc.
DNS Servers
Data Repositories
Directory Services – LDAP, Active Directory, X.500, SQL
Chapter 5 Application Hardening
Web Servers
Servers
FTP Servers
DNS Servers
NNTP Servers
File and Print Servers and Services
DHCP Services
Data Repositories
Chapter 5 Unit 5 Project Assignment – TWO PARTS!
Part 1 (essay questions, 30 points):
1.1. Pick one NOS and one OS and describe the process of hardening it from attacks and intruders (i.e. Windows XP and Windows Server 2008, or Windows 7 and Linux Ubuntu).
1.2. Pick two application server types listed in the text and describe the process of hardening them from attacks and intruders.
Part 2 (20 points, paragraphs): Based on the knowledge you have achieved thus far in our class, compose a brief synopsis compiling what you have learned about network security. Describe how you will use this knowledge with any other class, your present or future career, or your own personal life.
APA Style for both Part 1 and Part 2.