Presentation is loading. Please wait.

Presentation is loading. Please wait.

UNIT 2 SEMINAR Unit 2 Chapter 1 and 2 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+

Published byDwain Magnus Bryan Modified over 8 years ago

Similar presentations

Presentation on theme: "UNIT 2 SEMINAR Unit 2 Chapter 1 and 2 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+"— Presentation transcript:

1 UNIT 2 SEMINAR Unit 2 Chapter 1 and 2 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Email – jmcdanolds@kaplan.edujmcdanolds@kaplan.edu Office Hours: Tuesday, 7:00 PM ET or Wednesday, 8:00 PM ET

2 CHAPTER 1 REVIEW Security in the news this week… In the national news… Utah Dept. of Health hacked, over 500,000 700,000 affected and the number’s growing April 9, 2012 - Marjorie Cortez provides an update on a breach that started out bad enough last week, and just got a lot worse: Some 280,000 people had their Social Security numbers listed in state health data stolen from a computer server last week, state officials announced Monday, calling the data breach the largest in state history. Another 500,000 victims had less sensitive personal information stolen, state health department and technology services officials said during a press conference at the State Office Building. “Less sensitive” information was described as names, dates of birth and addresses. Officials said there may be some overlap between the groups, and information is still being reviewed. The victims are likely to be people who have visited a health care provider in the past four months. http://www.databreaches.net/?p=23931 Dead And Dying Targeted In ID Theft IDs of 2.5 million dead Americans abused annually, new study shows Apr 24, 2012 | 12:08 PM | Dead or alive, your identity is always at risk: New data shows that fraudsters use the Social Security numbers and other personal data of more than 2 million deceased people in the U.S. annually in order to get credit card and cell phone services each year under phony names. http://www.darkreading.com/security/attacks-breaches

3 CHAPTER 1 REVIEW Chapter 1 General Security Concepts Understanding Information Security Understanding the Goals of Information Security Comprehending the Security Process Authentication Issues to Consider Distinguishing Between Security Topologies Also in the textbook, note the breakdown of the “domains” for the Security+ exam in the Introduction and the self Assessment Test.

4 CHAPTER 1 REVIEW General Security Concepts Rapid Fire… Open your ebook file to Chapter 1. Pick up points for some quick definitions. Type a brief definition. #1 - Three components of… The security triad

5 CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) #2 - Name the… Three components of Physical Security

6 CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) #3 - Operational Security Name four operational security issues

7 CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) #4 - Management and Policies Name three key policy areas

8 CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) #5 - Implementing Access Control… Three basic models for access control

9 CHAPTER 1 REVIEW General Security Concepts Rapid Fire… (continued) #6 - Security Topologies cover four primary areas: The four security topology areas

10 CHAPTER 1 REVIEW End of Chapter 1 Exam Essentials – if you are gathering information to review as a comparison to the CompTIA test domain content Hands-on Labs – not a graded item. This section reminds us to keep our systems up to date. Microsoft’s second Tuesday updates, security vendor’s virus file update (daily), etc. Review Questions with the answers after – use these to study concepts

11 CHAPTER 2 Chapter 2 - Identifying Potential Risks What is a risk? WASHINGTON, Feb 7, 2011 -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. Wall Street Journal What is an attack? Attack - when an unauthorized individual or group attempts to access, modify or damage systems or environment. Attacks Strategies – the bad guys have one or more of these goals: 1.Access attack – access to resources 2.Modification or repudiation attack – modify information 3.Denial-of-service attack – disrupt the network, denying users access

12 CHAPTER 2 Identifying Potential Risks Quick check of terms/concepts: Attack Goals (three) – Access Attack Types – Modification and Repudiation Attacks – DOS and DDOS Attacks – Zombies Botnet Backdoor Spoofing Man-in-the-Middle TCP/IP layers Sniffing OVAL

13 CHAPTER 2 Identifying Potential Risks Overview: Calculating Attack Strategies Recognizing Common Attacks Identifying TCP/IP Security Concerns Understanding Software Exploitation Understanding OVAL Surviving Malicious Code Understanding Social Engineering Auditing Processes and Files

14 CHAPTER 2 Types of Attacks Access attack – someone who should not be able to wants to access your resources Eavesdropping, snooping, interception Modification and repudiation attack – someone wants to modify information in your systems Change grades, fraudulent transactions, Denial of Service (DoS) attack – an attempt to disrupt your network and services

15 CHAPTER 2 OVERVIEW TCP/IP Attacks Sniffing the Network Scanning Ports TCP attacks TCP SYN or TCP ACK Flood Attack TCP Sequence Number Attack TCP/IP Hijacking UDP attacks ICMP Attacks Smurf Attacks ICMP Tunneling

16 CHAPTER 2 Understanding OVAL O pen V ulnerability and A ssessment L anguage http://oval.mitre.org OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community. A community written standard in XML to promote open and publicly available security content Consists of: A language An interpreter A repository

17 CHAPTER 2 Surviving Malicious Code Viruses Trojan horses Logic Bombs Worms Antivirus software

18 CHAPTER 2 Social Engineering Social engineering is a process where an attacker attempts to acquire information about your network and system by talking to people in the organization. Preys on the trusting nature of people to breach security. Can be prevented through training and standard security policies.

19 CHAPTER 2 Auditing Processes and Files Security log files Security audit files Vulnerability scanner

20 UNIT 2 Unit 2 Assignment Unit Two Project 1. Perform a web search using your favorite search engine (yahoo.com, google.com, etc) on some of the most popular methods used to implement the various attacks discussed in Chapter 2. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization. 2. Security topology covers four primary areas of concern (design goals, security zones, technologies, and business requirements). Describe each area including key topics in each area. 3. Discuss software threats classified as malicious code on page 81 of your text.

21 CHAPTER 2 Clarification of Question 1 on Unit 2 Project From the Project Rubric: For example, look for the methods used to start a Denial of Service (DoS) attack like which software is used, the motives behind DoS, etc. Then, discuss ways to prevent these attacks or at least minimize their effects on your organization. There are attack types from page 54 through 63. Don’t just discuss DoS, there are various types listed. Understands attack types 5 points Presents measures to prevent attacks 5 points References reputable web sites 5 points

Download ppt "UNIT 2 SEMINAR Unit 2 Chapter 1 and 2 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS, Security+"

Similar presentations

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs ---

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Taxonomy of Computer Security Incidents Yashodhan Fadnavis.

Taxonomy of Computer Security Incidents Yashodhan Fadnavis.
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.

Similar presentations

Ads by Google