Chapter 1: Information Security Fundamentals
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Identify the challenges for information security
• Define information security
• Explain the importance of information security
• List and define information security terminology
• Describe the CompTIA Security+ certification exam
• Describe information security careers

Identifying the Challenges for Information Security
• Challenge of keeping networks and computers secure has never been greater
• A number of trends illustrate why security is becoming increasingly difficult
• Many trends have resulted in security attacks growing at an alarming rate

Identifying the Challenges for Information Security (continued)
• Computer Emergency Response Team (CERT) security organization compiles statistics regarding number of reported attacks, including:
– Speed of attacks
– Sophistication of attacks
– Faster detection of weaknesses
– Distributed attacks
– Difficulties of patching

Defining Information Security
• Information security:
– Tasks of guarding digital information, which is typically processed by a computer (such as a personal computer), stored on a magnetic or optical storage device (such as a hard drive or DVD), and transmitted over a network

Defining Information Security (continued)
• Ensures that protective measures are properly implemented
• Is intended to protect information
• Involves more than protecting the information itself

Defining Information Security (continued)
• Three characteristics of information must be protected by information security:
– Confidentiality
– Integrity
– Availability

Defining Information Security (continued)
• Center of diagram shows what needs to be protected (information)
• Information security achieved through a combination of three entities

Understanding the Importance of Information Security
• Information security is important to businesses:
– Prevents data theft
– Avoids legal consequences of not securing information
– Maintains productivity
– Foils cyberterrorism
– Thwarts identity theft

Preventing Data Theft
• Security often associated with theft prevention
• Drivers install security systems on their cars to prevent the cars from being stolen
• Same is true with information security: businesses cite preventing data theft as primary goal of information security

Preventing Data Theft (continued)
• Theft of data is single largest cause of financial loss due to a security breach
• One of the most important objectives of information security is to protect important business and personal data from theft

Avoiding Legal Consequences
• Businesses that fail to protect data may face serious penalties
• Laws include:
– The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– The Sarbanes-Oxley Act of 2002 (Sarbox)
– The Gramm-Leach-Bliley Act (GLBA)
– USA PATRIOT Act 2001

Maintaining Productivity
• After an attack on information security, clean-up efforts divert resources, such as time and money, away from normal activities
• A Corporate IT Forum survey of major corporations showed:
– Each attack costs a company an average of $213,000 in lost man-hours and related costs
– One-third of corporations reported an average of more than 3,000 man-hours lost

Foiling Cyberterrorism
• An area of growing concern among defense experts is surprise attacks by terrorist groups using computer technology and the Internet (cyberterrorism)
• These attacks could cripple a nation’s electronic and commercial infrastructure
• Our challenge in combating cyberterrorism is that many prime targets are not owned and managed by the federal government

Thwarting Identity Theft
• Identity theft involves using someone’s personal information, such as social security numbers, to establish bank or credit card accounts that are then left unpaid, leaving the victim with the debts and ruining their credit rating
• National, state, and local legislation continues to be enacted to deal with this growing problem
– The Fair and Accurate Credit Transactions Act of 2003 is a federal law that addresses identity theft

Understanding Information Security Terminology

Exploring the CompTIA Security+ Certification Exam
• Since 1982, the Computing Technology Industry Association (CompTIA) has been working to advance the growth of the IT industry
• CompTIA is the world’s largest developer of vendor-neutral IT certification exams
• The CompTIA Security+ certification tests for mastery in security concepts and practices

Exploring the CompTIA Security+ Certification Exam (continued)
• Exam was designed with input from security industry leaders, such as VeriSign, Symantec, RSA Security, Microsoft, Sun, IBM, Novell, and Motorola
• The Security+ exam is designed to cover a broad range of security topics categorized into five areas or domains

Surveying Information Security Careers
• Information security is one of the fastest growing career fields
• As information attacks increase, companies are becoming more aware of their vulnerabilities and are looking for ways to reduce their risks and liabilities

Surveying Information Security Careers (continued)
• Sometimes divided into three general roles:
– Security manager develops corporate security plans and policies, provides education and awareness, and communicates with executive management about security issues
– Security engineer designs, builds, and tests security solutions to meet policies and address business needs
– Security administrator configures and maintains security solutions to ensure proper service levels and availability

Summary
• The challenge of keeping computers secure is becoming increasingly difficult
• Attacks can be launched without human intervention and infect millions of computers in a few hours
• Information security protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures

Summary (continued)
• Information security has its own set of terminology
• A threat is an event or an action that can defeat security measures and result in a loss
• CompTIA has been working to advance the growth of the IT industry and those individuals working within it
• CompTIA is the world’s largest developer of vendor-neutral IT certification exams

Chapter 2: Attackers and Their Attacks
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Develop attacker profiles
• Describe basic attacks
• Describe identity attacks
• Identify denial of service attacks
• Define malicious code (malware)

Developing Attacker Profiles
• Six categories:
– Hackers
– Crackers
– Script kiddies
– Spies
– Employees
– Cyberterrorists

Hackers
• Person who uses advanced computer skills to attack computers, but not with a malicious intent
• Use their skills to expose security flaws

Crackers
• Person who violates system security with malicious intent
• Have advanced knowledge of computers and networks and the skills to exploit them
• Destroy data, deny legitimate users of service, or otherwise cause serious problems on computers and networks

2e 10 . 2e 7 Security+ Guide to Network Security Fundamentals. 2e 9 Security+ Guide to Network Security Fundamentals.Script Kiddies • Break into computers to create damage • Are unskilled users • Download automated hacking software from Web sites and use it to break into computers • Tend to be young computer users with almost unlimited amounts of leisure time. 2e 8 Employees • One of the largest information security threats to business • Employees break into their company’s computer for these reasons: – To show the company a weakness in their security – To say. “I’m smarter than all of you” – For money Cyberterrorists • Experts fear terrorists will attack the network and computer infrastructure to cause panic • Cyberterrorists’ motivation may be defined as ideology. or attacking for the sake of their principles or beliefs • One of the targets highest on the list of cyberterrorists is the Internet itself Security+ Guide to Network Security Fundamentals. which they can use to attack systems Spies • Person hired to break into a computer and steal information • Do not randomly search for unsecured computers to attack • Hired to attack a specific computer that contains sensitive information Security+ Guide to Network Security Fundamentals.

Cyberterrorists (continued)
• Three goals of a cyberattack:
– Deface electronic information to spread disinformation and propaganda
– Deny service to legitimate computer users
– Commit unauthorized intrusions into systems and networks that result in critical infrastructure outages and corruption of vital data

Understanding Basic Attacks
• Today, the global computing infrastructure is the most likely target of attacks
• Attackers are becoming more sophisticated, moving away from searching for bugs in specific software applications toward probing the underlying software and hardware infrastructure itself

Social Engineering
• Easiest way to attack a computer system requires almost no technical ability and is usually highly successful
• Social engineering relies on tricking and deceiving someone to access a system
• Social engineering is not limited to telephone calls or dated credentials

Social Engineering (continued)
• Dumpster diving: digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
• Phishing: sending people electronic requests for information that appear to come from a valid source

Social Engineering (continued)
• Develop strong instructions or company policies regarding:
– When passwords are given out
– Who can enter the premises
– What to do when asked questions by another employee that may reveal protected information
• Educate all employees about the policies and ensure that these policies are followed

Password Guessing
• Password: secret combination of letters and numbers that validates or authenticates a user
• Passwords are used with usernames to log on to a system using a dialog box
• Attackers attempt to exploit weak passwords by password guessing

Password Guessing (continued)
• Characteristics of weak passwords:
– Using a short password (XYZ)
– Using a common word (blue)
– Using personal information (name of a pet)
– Using same password for all accounts
– Writing the password down and leaving it under the mouse pad or keyboard
– Not changing passwords unless forced to do so

Password Guessing (continued)
• Brute force: attacker attempts to create every possible password combination by changing one character at a time, using each newly generated password to access the system
• Dictionary attack: takes each word from a dictionary and encodes it (hashing) in the same way the computer encodes a user’s password

Password Guessing (continued)
• Software exploitation: takes advantage of any weakness in software to bypass security requiring a password
– Buffer overflow: occurs when a computer program attempts to stuff more data into a temporary storage area than it can hold

Password Guessing (continued)
• Policies to minimize password-guessing attacks:
– Passwords must have at least eight characters
– Passwords must contain a combination of letters, numbers, and special characters
– Passwords should expire at least every 30 days
– Passwords cannot be reused for 12 months
– The same password should not be duplicated and used on two or more systems
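The following is an added example, not code from the textbook, showing how the weak-password characteristics and the policy bullets above translate into an enforcement check. It rejects short passwords, single-class passwords, dictionary words and personal information, and detects reuse within 12 months by re-hashing the candidate with each stored salt (the same hash-and-compare step a dictionary attack performs, here run by the defender against its own dictionary). The common-word list, the account history, the fixed "today" date and the use of PBKDF2 as the password hash are all assumptions made for the example.

```python
"""Password-policy checker (added example; not textbook code)."""
import hashlib
import string
from datetime import date

# Constructed stand-in for the word list an attacker would hash word by word.
COMMON_WORDS = {"blue", "password", "letmein", "qwerty", "welcome"}

MIN_LENGTH = 8            # "at least eight characters"
MAX_AGE_DAYS = 30         # "expire at least every 30 days"
REUSE_WINDOW_DAYS = 365   # "cannot be reused for 12 months"


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash (PBKDF2 here, an example choice) so a precomputed
    dictionary of hashes cannot be compared against stored values directly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(candidate: str, username: str, personal_info: set,
                   history: list, today: date) -> list:
    """Return the policy violations for a proposed password; an empty list means accepted.

    history holds (salt, hash, date_set) triples for the account's earlier passwords."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_letter = any(c in string.ascii_letters for c in candidate)
    has_digit = any(c in string.digits for c in candidate)
    has_special = any(c in string.punctuation for c in candidate)
    if not (has_letter and has_digit and has_special):
        problems.append("needs letters, numbers, and special characters")
    lowered = candidate.lower()
    if lowered in COMMON_WORDS:
        problems.append("is a common dictionary word")
    if lowered == username.lower() or any(info.lower() in lowered for info in personal_info):
        problems.append("contains personal information")
    # Reuse check: hash the candidate with each old salt and compare to the stored hash.
    for salt, old_hash, set_on in history:
        if (today - set_on).days < REUSE_WINDOW_DAYS and hash_password(candidate, salt) == old_hash:
            problems.append("reused within the last 12 months")
            break
    return problems


def password_expired(set_on: date, today: date) -> bool:
    """True when the current password is older than the 30-day expiry."""
    return (today - set_on).days >= MAX_AGE_DAYS


# Constructed sample account state so the example is reproducible offline.
TODAY = date(2024, 6, 1)
OLD_SALT = b"constructed-salt"
SAMPLE_HISTORY = [(OLD_SALT, hash_password("Rex!2023pass", OLD_SALT), date(2024, 1, 15))]
SAMPLE_PERSONAL_INFO = {"Rex"}   # the user's pet, per the "personal information" bullet


if __name__ == "__main__":
    for pw in ("XYZ", "blue", "Rex!2023pass", "Tr0ub4dor&3x"):
        print(pw, "->", check_password(pw, "jdoe", SAMPLE_PERSONAL_INFO, SAMPLE_HISTORY, TODAY) or "accepted")
```

The reuse check is what makes the 12-month rule enforceable without storing old passwords in the clear: only salted hashes are kept, and the candidate is hashed under each old salt.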

Weak Keys
• Cryptography:
– Science of transforming information so it is secure while being transmitted or stored
– Does not attempt to hide existence of data; “scrambles” data so it cannot be viewed by unauthorized users

Weak Keys (continued)
• Encryption: changing the original text to a secret message using cryptography
• Success of cryptography depends on the process used to encrypt and decrypt messages
• Process is based on algorithms

Weak Keys (continued)
• Algorithm is given a key that it uses to encrypt the message
• Any mathematical key that creates a detectable pattern or structure (weak keys) provides an attacker with valuable information to break the encryption

Mathematical Attacks
• Cryptanalysis: process of attempting to break an encrypted message
• Mathematical attack: analyzes characters in an encrypted text to discover the keys and decrypt the data

Birthday Attacks
• Birthday paradox:
– When you meet someone for the first time, you have a 1 in 365 chance (0.027%) that he has the same birthday as you
– If you meet 60 people, the probability leaps to over 99% that you will share the same birthday with one of these people
• Birthday attack: attack on a cryptographical system that exploits the mathematics underlying the birthday paradox
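As an added example (not from the textbook), the arithmetic behind the slide: the probability that some pair among n people shares a birthday is one minus the probability that all n birthdays are distinct. The same formula gives the birthday bound for a hash function, which is why a hash with an n-bit output resists collisions only to roughly 2^(n/2) work rather than 2^n. The toy collision search truncates SHA-256 to 16 bits to make the effect visible in a fraction of a second; the truncation width and message format are constructed for the example. p_specific_match returns 1/365 as a fraction; compare it with the percentage quoted on the slide.

```python
"""Birthday-paradox probabilities and the birthday bound (added example; not textbook code)."""
import hashlib
import itertools
import math


def p_specific_match(days: int = 365) -> float:
    """Probability that one stranger shares *your* birthday: one fixed target, one try."""
    return 1.0 / days


def p_shared_birthday(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share a birthday out of `days`.
    Complement of all birthdays being distinct: 1 - (365/365)(364/365)...((365-n+1)/365)."""
    p_all_distinct = 1.0
    for k in range(people):
        p_all_distinct *= (days - k) / days
    return 1.0 - p_all_distinct


def attempts_for_collision(bits: int, probability: float = 0.5) -> float:
    """Approximate number of hash evaluations to find *any* collision in a `bits`-wide
    hash with the given probability: sqrt(2 * 2^bits * ln(1/(1-p))). A fixed-target
    (preimage) search would need on the order of 2^bits instead."""
    space = 2.0 ** bits
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - probability)))


def truncated_hash(message: str, bits: int) -> int:
    """SHA-256 of the message keeping only the low `bits` bits (a deliberately tiny hash)."""
    digest = hashlib.sha256(message.encode()).digest()
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def find_truncated_collision(bits: int = 16) -> tuple:
    """Birthday search: hash distinct constructed messages until two land on the same
    truncated value. Returns (message_a, message_b, messages_tried); the expected count
    is about 1.18 * 2^(bits/2), far below the 2^bits a fixed-target search would need."""
    seen = {}
    for i in itertools.count():
        msg = f"constructed-msg-{i}"
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


if __name__ == "__main__":
    print(f"one stranger:  {p_specific_match():.4%}")
    print(f"23 people:     {p_shared_birthday(23):.2%}")
    print(f"60 people:     {p_shared_birthday(60):.2%}")
    print(f"64-bit hash, 50% collision after ~{attempts_for_collision(64):.3g} hashes")
    a, b, tries = find_truncated_collision(16)
    print(f"16-bit collision: {a!r} and {b!r} after {tries} messages")
```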


Examining Identity Attacks
• Category of attacks in which the attacker attempts to assume the identity of a valid user

Man-in-the-Middle Attacks
• Make it seem that two computers are communicating with each other, when actually they are sending and receiving data with a computer between them
• Can be active or passive:
– Passive attack: attacker captures sensitive data being transmitted and sends it to the original recipient without his presence being detected
– Active attack: contents of the message are intercepted and altered before being sent on

Replay
• Similar to an active man-in-the-middle attack
• Whereas an active man-in-the-middle attack changes the contents of a message before sending it on, a replay attack only captures the message and then sends it again later
• Takes advantage of communications between a network device and a file server

TCP/IP Hijacking
• With wired networks, TCP/IP hijacking uses spoofing, which is the act of pretending to be the legitimate owner
• One particular type of spoofing is Address Resolution Protocol (ARP) spoofing
• In ARP spoofing, each computer using TCP/IP must have a unique IP address
TCP/IP Hijacking (continued)
• Certain types of local area networks (LANs), such as Ethernet, must also have another address, called the media access control (MAC) address, to move information around the network
• Computers on a network keep a table that links an IP address with the corresponding MAC address
• In ARP spoofing, a hacker changes the table so packets are redirected to his computer

Identifying Denial of Service Attacks
• Denial of service (DoS) attack attempts to make a server or other network device unavailable by flooding it with requests
• After a short time, the server runs out of resources and can no longer function
• Known as a SYN attack because it exploits the SYN/ACK “handshake”

Identifying Denial of Service Attacks (continued)
• Another DoS attack tricks computers into responding to a false request
• An attacker can send a request to all computers on the network making it appear a server is asking for a response
• Each computer then responds to the server, overwhelming it, and causing the server to crash or be unavailable to legitimate users
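The resource a SYN attack exhausts is the backlog of half-open connections: the server has answered with SYN/ACK and is holding state while it waits for an ACK that never comes. On a host this shows up as connections stuck in the SYN_RECV state, so counting them per listening port is a simple indicator. The code below is an added example, not from the textbook; the netstat-style records, the field layout (protocol, queues, local, remote, state) and the alert threshold are constructed for it.

```python
"""Half-open connection count as a SYN-flood indicator (added example; not textbook code)."""
from collections import Counter, defaultdict

# Constructed netstat-style records: proto recv-q send-q local remote state.
# Three ordinary connections, one stray half-open on 443, and 40 half-open on port 80.
SAMPLE_CONNECTIONS = [
    "tcp 0 0 10.0.0.5:22 192.0.2.10:51514 ESTABLISHED",
    "tcp 0 0 10.0.0.5:80 192.0.2.11:40222 ESTABLISHED",
    "tcp 0 0 10.0.0.5:80 192.0.2.12:40223 TIME_WAIT",
    "tcp 0 0 10.0.0.5:443 192.0.2.13:40224 SYN_RECV",
] + [f"tcp 0 0 10.0.0.5:80 198.51.100.{i}:{40000 + i} SYN_RECV" for i in range(1, 41)]


def parse_connection(line: str) -> tuple:
    """Return (local_port, remote_ip, state) from one netstat-style record."""
    fields = line.split()
    local, remote, state = fields[3], fields[4], fields[5]
    return local.rsplit(":", 1)[1], remote.rsplit(":", 1)[0], state


def half_open_by_port(lines) -> Counter:
    """Number of SYN_RECV (half-open) connections per local port."""
    counts = Counter()
    for line in lines:
        port, _, state = parse_connection(line)
        if state == "SYN_RECV":
            counts[port] += 1
    return counts


def half_open_sources_by_port(lines) -> dict:
    """Distinct remote addresses holding half-open connections, per local port."""
    sources = defaultdict(set)
    for line in lines:
        port, remote_ip, state = parse_connection(line)
        if state == "SYN_RECV":
            sources[port].add(remote_ip)
    return sources


def syn_flood_alerts(lines, threshold: int = 20) -> list:
    """Ports whose half-open backlog reaches the threshold, as (port, count, distinct_sources).
    Many distinct sources on one port suggests a distributed flood or spoofed addresses,
    which is why per-source blocking alone is a weak defence here."""
    counts = half_open_by_port(lines)
    sources = half_open_sources_by_port(lines)
    return sorted((port, n, len(sources[port])) for port, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for port, count, distinct in syn_flood_alerts(SAMPLE_CONNECTIONS):
        print(f"port {port}: {count} half-open connections from {distinct} sources")
```

Real deployments rely on the kernel's own protections (SYN cookies, backlog limits) rather than polling a connection table, but the indicator above is what those protections are reacting to.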

Identifying Denial of Service Attacks (continued)
• Distributed denial-of-service (DDoS) attack:
– Instead of using one computer, a DDoS may use hundreds or thousands of computers
– DDoS works in stages

Understanding Malicious Code (Malware)
• Consists of computer programs designed to break into computers or to create havoc on computers
• Most common types:
– Viruses
– Worms
– Logic bombs
– Trojan horses
– Back doors

Viruses
• Programs that secretly attach to another document or program and execute when that document or program is opened
• Might contain instructions that cause problems ranging from displaying an annoying message to erasing files from a hard drive or causing a computer to crash repeatedly

Viruses (continued)
• Antivirus software defends against viruses
• Drawback of antivirus software is that it must be updated to recognize new viruses
• Updates (definition files or signature files) can be downloaded automatically from the Internet to a user’s computer

Worms
• Although similar in nature, worms are different from viruses in two regards:
– A virus attaches itself to a computer document, such as an e-mail message, and is spread by traveling along with the document
– A virus needs the user to perform some type of action, such as starting a program or reading an e-mail message, to start the infection

Worms (continued)
• Worms are usually distributed via e-mail attachments as separate executable programs
• In many instances, reading the e-mail message starts the worm
• If the worm does not start automatically, attackers can trick the user to start the program and launch the worm

Logic Bombs
• Computer program that lies dormant until triggered by a specific event, for example:
– A certain date being reached on the system calendar
– A person’s rank in an organization dropping below a specified level

Trojan Horses
• Programs that hide their true intent and then reveal themselves when activated
• Might disguise themselves as free calendar programs or other interesting software
• Common strategies:
– Giving a malicious program the name of a file associated with a benign program
– Combining two or more executable programs into a single filename

Trojan Horses (continued)
• Defend against Trojan horses with the following products:
– Antivirus tools, which are one of the best defenses against combination programs
– Special software that alerts you to the existence of a Trojan horse program
– Anti-Trojan horse software that disinfects a computer containing a Trojan horse

Back Doors
• Secret entrances into a computer of which the user is unaware
• Many viruses and worms install a back door allowing a remote user to access a computer without the legitimate user’s knowledge or permission

Summary
• Six categories of attackers: hackers, crackers, script kiddies, spies, employees, and cyberterrorists
• Password guessing is a basic attack that attempts to learn a user’s password by a variety of means
• Cryptography uses an algorithm and keys to encrypt and decrypt messages

Summary (continued)
• Identity attacks attempt to assume the identity of a valid user
• Denial of service (DoS) attacks flood a server or device with requests, making it unable to respond to valid requests
• Malicious code (malware) consists of computer programs intentionally created to break into computers or to create havoc on computers

Chapter 3: Security Basics
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Identify who is responsible for information security
• Describe security principles
• Use effective authentication methods
• Control access to computer systems
• Audit information security schemes

Identifying Who Is Responsible for Information Security
• When an organization secures its information, it completes a few basic tasks:
– It must analyze its assets and the threats these assets face from threat agents
– It identifies its vulnerabilities and how they might be exploited
– It regularly assesses and reviews the security policy to ensure it is adequately protecting its information

Identifying Who Is Responsible for Information Security (continued)
• Bottom-up approach: major tasks of securing information are accomplished from the lower levels of the organization upwards
• This approach has one key advantage: the bottom-level employees have the technical expertise to understand how to secure information

Identifying Who Is Responsible for Information Security (continued)
• Top-down approach starts at the highest levels of the organization and works its way down
• A security plan initiated by top-level managers has the backing to make the plan work

Identifying Who Is Responsible for Information Security (continued)
• Chief information security officer (CISO): helps develop the security plan and ensures it is carried out
• Human firewall: describes the security-enforcing role of each employee

Understanding Security Principles
• Ways information can be attacked:
– Crackers can launch distributed denial-of-service (DDoS) attacks through the Internet
– Spies can use social engineering
– Employees can guess other users’ passwords
– Hackers can create back doors
• Protecting against the wide range of attacks calls for a wide range of defense mechanisms

Layering
• Layered security approach has the advantage of creating a barrier of multiple defenses that can be coordinated to thwart a variety of attacks
• Information security likewise must be created in layers
• All the security layers must be properly coordinated to be effective

Limiting
• Limiting access to information reduces the threat against it
• Only those who must use data should have access to it
• Access must be limited for a subject (a person or a computer program running on a system) to interact with an object (a computer or a database stored on a server)
• The amount of access granted to someone should be limited to what that person needs to know or do

Diversity
• Diversity is closely related to layering
• You should protect data with diverse layers of security, so if attackers penetrate one layer, they cannot use the same techniques to break through all other layers
• Using diverse layers of defense means that breaching one security layer does not compromise the whole system

Diversity (continued)
• You can set a firewall to filter a specific type of traffic, such as all inbound traffic, and a second firewall on the same system to filter another traffic type, such as outbound traffic
• Using firewalls produced by different vendors creates even greater diversity

Obscurity
• Obscuring what goes on inside a system or organization and avoiding clear patterns of behavior make attacks from the outside difficult

Simplicity
• Complex security systems can be difficult to understand, troubleshoot, and feel secure about
• The challenge is to make the system simple from the inside but complex from the outside

Using Effective Authentication Methods
• Information security rests on three key pillars:
– Authentication
– Access control
– Auditing

Using Effective Authentication Methods (continued)
• Authentication:
– Process of providing identity
– Can be classified into three main categories: what you know, what you have, what you are
– Most common method: providing a user with a unique username and a secret password

Username and Password (continued)
• ID management:
– User’s single authenticated ID is shared across multiple networks or online businesses
– Attempts to address the problem of users having individual usernames and passwords for each account (thus, resorting to simple passwords that are easy to remember)
– Can be for users and for computers that share data

Tokens
• Token: security device that authenticates the user by having the appropriate permission embedded into the token itself
• Passwords are based on what you know; tokens are based on what you have
• Proximity card: plastic card with an embedded, thin metal strip that emits a low-frequency, short-wave radio signal

Biometrics
• Uses a person’s unique characteristics to authenticate them
• Is an example of authentication based on what you are
• Human characteristics that can be used for identification include:
– Fingerprint
– Hand
– Retina
– Face
– Iris
– Voice

Certificates
• The key system does not prove that the senders are actually who they claim to be
• Certificates let the receiver verify who sent the message
• Certificates link or bind a specific person to a key
• Digital certificates are issued by a certification authority (CA), an independent third-party organization

Kerberos
• Authentication system developed by the Massachusetts Institute of Technology (MIT)
• Used to verify the identity of networked users, like using a driver’s license to cash a check
• Typically used when someone on a network attempts to use a network service and the service wants assurance that the user is who he says he is

Kerberos (continued)
• A state agency, such as the DMV, issues a driver’s license that has these characteristics:
– It is difficult to copy
– It contains specific information (name, address, height, etc.)
– It lists restrictions (must wear corrective lenses, etc.)
– It expires on a specified date
• The user is provided a ticket that is issued by the Kerberos authentication server (AS), much as a driver’s license is issued by the DMV

Challenge Handshake Authentication Protocol (CHAP)
• Considered a more secure procedure for connecting to a system than using a password
– User enters a password and connects to a server; server sends a challenge message to user’s computer
– User’s computer receives message and uses a specific algorithm to create a response sent back to the server
– Server checks response by comparing it to its own calculation of the expected value; if values match, authentication is acknowledged, otherwise, connection is terminated

Mutual Authentication
• Two-way authentication (mutual authentication) can be used to combat identity attacks, such as man-in-the-middle and replay attacks
• The server authenticates the user through a password, tokens, or other means
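The challenge/response exchange described for CHAP, extended to the two-way form the Mutual Authentication slide describes, as an added example that is not textbook code. Both sides' messages are kept in a transcript so the three-step exchange (challenge, response, success/failure) can be inspected, and a replay of a captured response is shown failing because each exchange uses a fresh challenge. The real CHAP (RFC 1994) computes the response as MD5 over identifier, secret and challenge; this example substitutes HMAC-SHA256 as the "specific algorithm", and the usernames and shared secret are constructed.

```python
"""CHAP-style challenge/response with mutual authentication (added example; not textbook code)."""
import hashlib
import hmac
import secrets

# Constructed shared secret; in CHAP both ends hold the same secret and never send it.
SAMPLE_SECRETS = {"alice": b"constructed-shared-secret"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response = one-way function of (identifier, shared secret, challenge).
    HMAC-SHA256 stands in for the RFC's MD5 construction (an example choice)."""
    return hmac.new(secret, bytes([identifier]) + challenge, hashlib.sha256).digest()


class Authenticator:
    """Server side: issues a fresh challenge, verifies the response, and (for mutual
    authentication) answers the client's challenge using the same shared secret."""

    def __init__(self, shared_secrets: dict):
        self.shared_secrets = shared_secrets
        self.pending = {}        # username -> (identifier, challenge) awaiting a response
        self.identifier = 0

    def challenge(self, username: str) -> tuple:
        self.identifier = (self.identifier + 1) % 256   # new identifier per exchange
        nonce = secrets.token_bytes(16)                 # unpredictable challenge value
        self.pending[username] = (self.identifier, nonce)
        return ("CHALLENGE", self.identifier, nonce)

    def verify(self, username: str, identifier: int, response: bytes) -> bool:
        pending = self.pending.pop(username, None)     # a challenge is single-use
        secret = self.shared_secrets.get(username)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)  # constant-time comparison

    def prove_to_client(self, username: str, identifier: int, client_nonce: bytes) -> bytes:
        return chap_response(identifier, self.shared_secrets[username], client_nonce)


class Peer:
    """Client side: answers the server's challenge and can challenge the server back."""

    def __init__(self, username: str, secret: bytes):
        self.username = username
        self.secret = secret

    def respond(self, challenge_msg: tuple) -> tuple:
        _, identifier, nonce = challenge_msg
        return ("RESPONSE", identifier, chap_response(identifier, self.secret, nonce))

    def check_server(self, identifier: int, client_nonce: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(chap_response(identifier, self.secret, client_nonce), proof)


def run_mutual_exchange(peer: Peer, server: Authenticator) -> tuple:
    """Server authenticates the peer, then the peer authenticates the server.
    Returns (server_accepts_peer, peer_accepts_server, transcript)."""
    transcript = []
    chal = server.challenge(peer.username)
    transcript.append(("server->client", chal))
    resp = peer.respond(chal)
    transcript.append(("client->server", resp))
    server_ok = server.verify(peer.username, resp[1], resp[2])
    transcript.append(("server->client", ("SUCCESS" if server_ok else "FAILURE",)))
    if not server_ok:
        return False, False, transcript
    client_nonce = secrets.token_bytes(16)             # peer's own challenge to the server
    transcript.append(("client->server", ("CHALLENGE", chal[1], client_nonce)))
    proof = server.prove_to_client(peer.username, chal[1], client_nonce)
    transcript.append(("server->client", ("RESPONSE", chal[1], proof)))
    return server_ok, peer.check_server(chal[1], client_nonce, proof), transcript


def replay_captured_response(server: Authenticator, username: str, captured: tuple) -> bool:
    """Resend a RESPONSE captured from an earlier exchange against a new challenge.
    The fresh nonce (and identifier) make the stale response fail."""
    server.challenge(username)
    return server.verify(username, captured[1], captured[2])


if __name__ == "__main__":
    server = Authenticator(SAMPLE_SECRETS)
    ok_server, ok_peer, transcript = run_mutual_exchange(Peer("alice", SAMPLE_SECRETS["alice"]), server)
    for direction, message in transcript:
        print(direction, message[0])
    print("server accepts peer:", ok_server, "| peer accepts server:", ok_peer)
    print("replay accepted:", replay_captured_response(server, "alice", transcript[1][1]))
```

The server never receives the password itself, only a value it can recompute, which is what the slide means by "comparing it to its own calculation of the expected value".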

Multifactor Authentication
• Multifactor authentication: implementing two or more types of authentication
• Being strongly proposed to verify authentication of cell phone users who use their phones to purchase goods and services

Controlling Access to Computer Systems
• Restrictions to user access are stored in an access control list (ACL)
• An ACL is a table in the operating system that contains the access rights each subject (a user or device) has to a particular system object (a folder or file)

Controlling Access to Computer Systems (continued)
• In Microsoft Windows, an ACL has one or more access control entries (ACEs) consisting of the name of a subject or group of subjects
• Inherited rights: user rights based on membership in a group
• Review pages 85 and 86 for basic folder and file permissions in a Windows Server 2003 system

Mandatory Access Control (MAC)
• A more restrictive model
• The subject is not allowed to give access to another subject to use an object

Role Based Access Control (RBAC)
• Instead of setting permissions for each user or group, you can assign permissions to a position or role and then assign users and other objects to that role
• Users and objects inherit all of the permissions for the role

Discretionary Access Control (DAC)
• Least restrictive model
• One subject can adjust the permissions for other subjects over objects
• Type of access most users associate with their personal computers

Auditing Information Security Schemes
• Two ways to audit a security system:
– Logging records which user performed a specific activity and when
– System scanning to check permissions assigned to a user or role; these results are compared to what is expected to detect any differences
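An added example (not textbook code) tying together the ACL slides, the RBAC slide and the auditing slide: an ACL per object made of ACEs naming a user, a group or a role; rights inherited through group membership and role assignment; an access check that writes the "who did what, when" log entry; and a permission scan compared against an expected baseline to surface drift. The users, groups, roles, UNC paths and the rule that an explicit deny entry overrides an allow (modelled on Windows behaviour) are assumptions made for the example.

```python
"""ACL check with group and role inheritance, plus audit logging and scanning
(added example; not textbook code)."""
from dataclasses import dataclass
from datetime import datetime, timezone

RIGHTS = {"read", "write", "delete"}


@dataclass(frozen=True)
class ACE:
    subject: str          # a user, group, or role name
    rights: frozenset
    allow: bool = True    # False marks an explicit deny entry


# Constructed objects, groups, and roles.
PAYROLL = r"\\fileserver\finance\payroll.xlsx"
POLICY = r"\\fileserver\public\policy.docx"

GROUPS = {"finance": {"alice", "bob"}, "admins": {"carol"}}
ROLES = {"auditor": {"alice", "dave"}}   # RBAC: rights attach to the role, users are assigned to it

ACLS = {
    PAYROLL: [
        ACE("finance", frozenset({"read", "write"})),
        ACE("auditor", frozenset({"read"})),
        ACE("bob", frozenset({"write"}), allow=False),   # bob may read but not change payroll
    ],
    POLICY: [
        ACE("admins", frozenset(RIGHTS)),
        ACE("everyone", frozenset({"read"})),
    ],
}


def principals_for(user: str) -> set:
    """The user plus every group and role that confers inherited rights on them."""
    names = {user, "everyone"}
    names |= {g for g, members in GROUPS.items() if user in members}
    names |= {r for r, members in ROLES.items() if user in members}
    return names


def effective_rights(user: str, obj: str) -> set:
    """Union of rights from matching allow ACEs, minus anything an explicit deny ACE removes."""
    granted, denied = set(), set()
    for ace in ACLS.get(obj, []):
        if ace.subject in principals_for(user):
            (granted if ace.allow else denied).update(ace.rights)
    return granted - denied


def check_access(user: str, obj: str, right: str, log: list) -> bool:
    """Decide one request and record who asked for what, on which object, and when."""
    allowed = right in effective_rights(user, obj)
    log.append({"when": datetime.now(timezone.utc).isoformat(), "user": user,
                "object": obj, "right": right, "allowed": allowed})
    return allowed


def scan_permissions(user: str) -> dict:
    """System scan: the effective rights a subject holds on every object."""
    return {obj: effective_rights(user, obj) for obj in ACLS}


def audit_drift(user: str, expected: dict) -> list:
    """Compare the scan against the expected rights; return (object, expected, actual)
    for every object where they differ."""
    actual = scan_permissions(user)
    return [(obj, expected.get(obj, set()), actual[obj])
            for obj in ACLS if actual[obj] != expected.get(obj, set())]


if __name__ == "__main__":
    audit_log = []
    check_access("bob", PAYROLL, "write", audit_log)
    check_access("dave", PAYROLL, "read", audit_log)
    for entry in audit_log:
        print(entry)
    print(audit_drift("alice", {PAYROLL: {"read"}, POLICY: {"read"}}))
```

The drift check is the point of the scanning bullet: alice's auditor role should give her read-only access to payroll, so the extra write right she inherits through the finance group shows up as a difference to investigate.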

Summary
• Creating and maintaining a secure environment cannot be delegated to one or two employees in an organization
• Major tasks of securing information can be accomplished using a bottom-up approach, where security effort originates with low-level employees and moves up the organization chart to the CEO
• In a top-down approach, the effort starts at the highest levels of the organization and works its way down

Summary (continued)
• Basic principles for creating a secure environment: layering, limiting, diversity, obscurity, and simplicity
• Basic pillars of security:
– Authentication: verifying that a person requesting access to a system is who he claims to be
– Access control: regulating what a subject can do with an object
– Auditing: review of the security settings

Chapter 4: Security Baselines
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Disable nonessential systems
• Harden operating systems
• Harden applications
• Harden networks

Disabling Nonessential Systems
• First step in establishing a defense against computer attacks is to turn off all nonessential systems
• The background program waits in the computer’s random access memory (RAM) until the user presses a specific combination of keys (a hot key), such as Ctrl+Shift+P
• Then, the idling program springs to life

Disabling Nonessential Systems (continued)
• Early terminate-and-stay-resident (TSR) programs performed functions such as displaying an instant calculator, small notepad, or address book
• In Microsoft Windows, a background program, such as Svchost.exe, is called a process
• The process provides a service to the operating system indicated by the service name, such as AppMgmt

Disabling Nonessential Systems (continued)
• Users can view the display name of a service, which gives a detailed description, such as Application Management
• A single process can provide multiple services

Disabling Nonessential Systems (continued)

Disabling Nonessential Systems (continued)
• A service can be set to one of the following modes:
– Automatic
– Manual
– Disabled
• Besides preventing attackers from attaching malicious code to services, disabling nonessential services blocks entries into the system

Disabling Nonessential Systems (continued)
• The User Datagram Protocol (UDP) provides for a connectionless TCP/IP transfer
• TCP and UDP are based on port numbers
• Socket: combination of an IP address and a port number
– The IP address is separated from the port number by a colon, as in 198.146.118.20:80

Disabling Nonessential Systems (continued)

Disabling Nonessential Systems (continued)

Hardening Operating Systems
• Hardening: process of reducing vulnerabilities
• A hardened system is configured and updated to protect against attacks
• Three broad categories of items should be hardened:
– Operating systems
– Applications that the operating system runs
– Networks

Hardening Operating Systems (continued)
• You can harden the operating system that runs on the local client or the network operating system (NOS) that manages and controls the network, such as Windows Server 2003 or Novell NetWare

Applying Updates
• Operating systems are intended to be dynamic
• As users’ needs change, new hardware is introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis
• However, vendors release a new version of an operating system every two to four years
• Vendors use certain terms to refer to the different types of updates (listed in Table 4-3 on page 109)

Applying Updates (continued)
• A service pack (a cumulative set of updates including fixes for problems that have not been made available through updates) provides the broadest and most complete update
• A hotfix does not typically address security issues; instead, it corrects a specific software problem

Applying Updates (continued)

Applying Updates (continued)
• A patch or a software update fixes a security flaw or other problem
– May be released on a regular or irregular basis, depending on the vendor or support team
– A good patch management system includes the features listed on pages 111 and 112 of the text

Securing the File System
• Another means of hardening an operating system is to restrict user access
• Generally, users can be assigned permissions to access folders (also called directories in DOS and UNIX/Linux) and the files contained within them

Securing the File System (continued)
• Microsoft Windows provides a centralized method of defining security on the Microsoft Management Console (MMC)
– A Windows utility that accepts additional components (snap-ins)
– After you apply a security template to organize security settings, you can import the settings to a group of computers (Group Policy object)

Securing the File System (continued)
• Group Policy settings: components of a user’s desktop environment that a network system administrator needs to manage
• Group Policy settings cannot override a global setting for all computers (domain-based setting)
• Windows stores settings for the computer’s hardware and software in a database (the registry)

Hardening Applications
• Just as you must harden operating systems, you must also harden the applications that run on those systems
• Hotfixes, service packs, and patches are generally available for most applications, although not usually with the same frequency as for an operating system

Hardening Servers
• Harden servers to prevent attackers from breaking through the software
• Web server delivers text, graphics, audio, animation, and video to Internet users around the world
• Refer to the steps on page 115 to harden a Web server

Hardening Servers (continued)
• Mail server is used to send and receive electronic messages
• In a normal setting, a mail server serves an organization or set of users
• All e-mail is sent through the mail server from a trusted user or received from an outsider and intended for a trusted user

Hardening Servers (continued)

Hardening Servers (continued)
• In an open mail relay, a mail server processes e-mail messages not sent by or intended for a local user
• File Transfer Protocol (FTP) server is used to store and access files through the Internet
– Typically used to accommodate users who want to download or upload files

Hardening Servers (continued)

Hardening Servers (continued)
• FTP servers can be set to accept anonymous logons using a window similar to that shown in Figure 4-8
• A Domain Name Service (DNS) server makes the Internet available to ordinary users
– DNS servers frequently update each other by transmitting all domains and IP addresses of which they are aware (zone transfer)

Hardening Servers (continued)

Hardening Servers (continued)
• IP addresses and other information can be used in an attack
• USENET is a worldwide bulletin board system that can be accessed through the Internet or many online services
• The Network News Transfer Protocol (NNTP) is the protocol used to send, distribute, and retrieve USENET messages through NNTP servers

Hardening Servers (continued)
• Print/file servers on a local area network (LAN) allow users to share documents on a central server or to share printers
• Hardening a print/file server involves the tasks listed on page 119 of the text
• A DHCP server allocates IP addresses using the Dynamic Host Configuration Protocol (DHCP)
• DHCP servers “lease” IP addresses to clients

Hardening Data Repositories
• Data repository: container that holds electronic information
• Two major data repositories: directory services and company databases
• Directory service: database stored on the network that contains all information about users and network devices along with privileges to those resources

Hardening Data Repositories (continued)
• Active Directory is the directory service for Windows
• Active Directory is stored in the Security Accounts Manager (SAM) database
• The primary domain controller (PDC) houses the SAM database

Hardening Networks
• Two-fold process for keeping a network secure:
– Secure the network with necessary updates
– Properly configure it

Firmware Updates
• RAM is volatile; interrupting the power source causes RAM to lose its entire contents
• Read-only memory (ROM) is different from RAM in two ways:
– Contents of ROM are fixed
– ROM is nonvolatile; disabling the power source does not erase its contents

Firmware Updates (continued)
• ROM, Erasable Programmable Read-Only Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) are firmware
• To erase an EPROM chip, hold the chip under ultraviolet light so the light passes through its crystal window
• The contents of EEPROM chips can also be erased using electrical signals applied to specific pins

Network Configuration
• You must properly configure network equipment to resist attacks
• The primary method of resisting attacks is to filter data packets as they arrive at the perimeter of the network

Network Configuration (continued)
• Rule base or access control list (ACL): rules a network device uses to permit or deny a packet (not to be confused with ACLs used in securing a file system)
• Rules are composed of several settings (listed on pages 122 and 123 of the text)
• Observe the basic guidelines on page 124 of the text when creating rules


Network Configuration (continued)

Summary
• Establishing a security baseline creates a basis for information security
• Hardening the operating system involves applying the necessary updates to the software
• Securing the file system is another step in hardening a system


Summary (continued)
• Applications and operating systems must be hardened by installing the latest patches and updates
• Servers, such as Web servers, mail servers, FTP servers, DNS servers, NNTP servers, print/file servers, and DHCP servers, must be hardened to prevent attackers from corrupting them or using the server to launch other attacks

Chapter 5: Securing the Network Infrastructure
Security+ Guide to Network Security Fundamentals Second Edition


Objectives
• Work with the network cable plant
• Secure removable media
• Harden network devices
• Design network topologies

Working with the Network Cable Plant
• Cable plant: physical infrastructure of a network (wire, connectors, and cables) used to carry data communication signals between equipment
• Three types of transmission media:
– Coaxial cables
– Twisted-pair cables
– Fiber-optic cables


Coaxial Cables
• Coaxial cable was main type of copper cabling used in computer networks for many years
• Has a single copper wire at its center surrounded by insulation and shielding
• Called “coaxial” because it houses two (co) axes or shafts: the copper wire and the shielding
• Thick coaxial cable has a copper wire in center surrounded by a thick layer of insulation that is covered with braided metal shielding

Coaxial Cables (continued)
• Thin coaxial cable looks similar to the cable that carries a cable TV signal
• A braided copper mesh channel surrounds the insulation and everything is covered by an outer shield of insulation for the cable itself
• The copper mesh channel protects the core from interference
• BNC connectors: connectors used on the ends of a thin coaxial cable

Coaxial Cables (continued)

Twisted-Pair Cables
• Standard for copper cabling used in computer networks today, replacing thin coaxial cable
• Composed of two insulated copper wires twisted around each other and bundled together with other pairs in a jacket


Twisted-Pair Cables (continued)
• Shielded twisted-pair (STP) cables have a foil shielding on the inside of the jacket to reduce interference
• Unshielded twisted-pair (UTP) cables do not have any shielding
• Twisted-pair cables have RJ-45 connectors

Fiber-Optic Cables
• Coaxial and twisted-pair cables have copper wire at the center that conducts an electrical signal
• Fiber-optic cable uses a very thin cylinder of glass (core) at its center instead of copper that transmits light impulses
• A glass tube (cladding) surrounds the core
• The core and cladding are protected by a jacket

Fiber-Optic Cables (continued)
• Classified by the diameter of the core and the diameter of the cladding
– Diameters are measured in microns; each is about 1/25,000 of an inch or one-millionth of a meter
• Two types:
– Single-mode fiber cables: used when data must be transmitted over long distances
– Multimode cable: supports many simultaneous light transmissions, generated by light-emitting diodes

Securing the Cable Plant
• Securing cabling outside the protected network is not the primary security issue for most organizations
• Focus is on protecting access to the cable plant in the internal network
• An attacker who can access the internal network directly through the cable plant has effectively bypassed the network security perimeter and can launch his attacks at will

Securing the Cable Plant (continued)
• The attacker can capture packets as they travel through the network by sniffing
– The hardware or software that performs such functions is called a sniffer
• Physical security
– First line of defense
– Protects the equipment and infrastructure itself
– Has one primary goal: to prevent unauthorized users from reaching the equipment or cable plant in order to use, steal, or vandalize it

Securing Removable Media
• Securing critical information stored on a file server can be achieved through strong passwords, antivirus software, network security devices, and door locks
• An employee copying data to a floppy disk or CD and carrying it home poses two risks:
– Storage media could be lost or stolen, compromising the information
– A worm or virus could be introduced to the media, potentially damaging the stored information and infecting the network

Magnetic Media
• Record information by changing the magnetic direction of particles on a platter
• Floppy disks were some of the first magnetic media developed
• The capacity of today’s 3 1/2-inch disks is 1.4 MB
• Hard drives contain several platters stacked in a closed unit, each platter having its own head or apparatus to read and write information
• Magnetic tape drives record information in a serial fashion

Optical Media
• Optical media use a principle for recording information different from magnetic media
• A high-intensity laser burns a tiny pit into the surface of an optical disc to record a one, but does nothing to record a zero
• Capacity of optical discs varies by type
• A Compact Disc-Recordable (CD-R) disc can record up to 650 MB of data
• Data cannot be changed once recorded

Optical Media (continued)
• A Compact Disc-Rewritable (CD-RW) disc can be used to record data, erase it, and record again
• A Digital Versatile Disc (DVD) can store much larger amounts of data
– DVD formats include Digital Versatile Disc-Recordable (DVD-R), which can record once up to 3.95 GB on a single-sided disc and 7.9 GB on a double-sided disc

Electronic Media
• Electronic media use flash memory for storage
– Flash memory is a solid state storage device; everything is electronic, with no moving or mechanical parts
• SmartMedia cards range in capacity from 2 MB to 128 MB
• The card itself is only 45 mm long, 37 mm wide, and less than 1 mm thick

Electronic Media (continued)
• CompactFlash card
– Consists of a small circuit board with flash memory chips and a dedicated controller chip encased in a shell
– Come in 3.3 mm and 5.5 mm thicknesses and store between 8 MB and 192 MB of data

Keeping Removable Media Secure
• Protecting removable media involves making sure that antivirus and other security software are installed on all systems that may receive a removable media device, including employee home computers
• USB memory stick is becoming very popular
– Can hold between 8 MB and 1 GB of memory

Hardening Network Devices
• Each device that is connected to a network is a potential target of an attack and must be properly protected
• Network devices to be hardened categorized as:
– Standard network devices
– Communication devices
– Network security devices

Hardening Standard Network Devices
• A standard network device is a typical piece of equipment that is found on almost every network, such as a workstation, server, switch, or router
• This equipment has basic security features that you can use to harden the devices

Workstations and Servers
• Workstation: personal computer attached to a network (also called a client)
– Connected to a LAN and shares resources with other workstations and network equipment
– Can be used independently of the network and can have their own applications installed
• Server: computer on a network dedicated to managing and controlling the network
• Basic steps to harden these systems are outlined on page 152

Switches and Routers
• Switch
– Most commonly used in Ethernet LANs
– Receives a packet from one network device and sends it to the destination device only
– Limits the collision domain (part of network on which multiple devices may attempt to send packets simultaneously)
• A switch is used within a single network
• Routers connect two or more single networks to form a larger network

Switches and Routers (continued)
• Switches and routers must also be protected against attacks
• Switches and routers can be managed using the Simple Network Management Protocol (SNMP), part of the TCP/IP protocol suite
• Software agents are loaded onto each network device to be managed

Switches and Routers (continued)
• Each agent monitors network traffic and stores that information in its management information base (MIB)
• A computer with SNMP management software (SNMP management station) communicates with software agents on each network device and collects the data stored in the MIBs
• Page 154 lists defensive controls that can be set for switches and routers

Hardening Communication Devices
• A second category of network devices are those that communicate over longer distances
• Include:
– Modems
– Remote access servers
– Telecom/PBX Systems
– Mobile devices

Modems
• Most common communication device
• Broadband is increasing in popularity and can create network connection speeds of 1.5 Mbps and higher
• Two popular broadband technologies:
– Digital Subscriber Line (DSL) transmits data at 1.5 Mbps over regular telephone lines
– Another broadband technology uses the local cable television system

Modems (continued)
• A computer connects to a cable modem, which is connected to the coaxial cable that brings cable TV signals to the home
• Because cable connectivity is shared in a neighborhood, other users can use a sniffer to view traffic
• Another risk with DSL and cable modem connections is that broadband connections are charged at a set monthly rate, not by the minute of connect time

Remote Access Servers
• Set of technologies that allows a remote user to connect to a network through the Internet or a wide area network (WAN)
• Users run remote access client software and initiate a connection to a Remote Access Server (RAS), which authenticates users and passes service requests to the network

Remote Access Servers (continued)

Remote Access Servers (continued)
• Remote access clients can run almost all network-based applications without modification
– Possible because remote access technology supports both drive letters and universal naming convention (UNC) names
• Minimum security features are listed on page 158

Telecom/PBX Systems
• Term used to describe a Private Branch eXchange
• The definition of a PBX comes from the words that make up its name:
– Private
– Branch
– eXchange

Mobile Devices
• As cellular phones and personal digital assistants (PDAs) have become increasingly popular, they have become the target of attackers
• Some defenses against attacks on these devices use real-time data encryption and passwords to protect the system so that an intruder cannot “beam” a virus through a wireless connection

Hardening Network Security Devices
• The final category of network devices includes those designed and used strictly to protect the network
• Include:
– Firewalls
– Intrusion-detection systems
– Network monitoring and diagnostic devices

Firewalls
• Typically used to filter packets
• Designed to prevent malicious packets from entering the network or its computers (sometimes called a packet filter)
• Typically located outside the network security perimeter as first line of defense
• Can be software or hardware configurations

Firewalls (continued)
• Software firewall runs as a program on a local computer (sometimes known as a personal firewall)
– Enterprise firewalls are software firewalls designed to run on a dedicated device and protect a network instead of only one computer
– One disadvantage is that it is only as strong as the operating system of the computer

Firewalls (continued)
• Filter packets in one of two ways:
– Stateless packet filtering: permits or denies each packet based strictly on the rule base
– Stateful packet filtering: records state of a connection between an internal computer and an external server, makes decisions based on connection and rule base
• Can perform content filtering to block access to undesirable Web sites

Firewalls (continued)
• An application layer firewall can defend against worms better than other kinds of firewalls
– Reassembles and analyzes packet streams instead of examining individual packets

Intrusion-Detection Systems (IDSs)
• Devices that establish and maintain network security
• Active IDS (or reactive IDS) performs a specific function when it senses an attack, such as dropping packets or tracing the attack back to a source
– Installed on the server or, in some instances, on all computers on the network
• Passive IDS sends information about what happened, but does not take action
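The stateless and stateful packet filtering described in the Firewalls slides above, worked through in added Python (not code from the Security+ text). The rule base, the private network 10.0.0.0/24, the Web server 10.0.0.5 and all packets are constructed; the rule format itself is a simplification for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


# Rule: (action, source, destination, destination port, protocol).  "*" matches any
# address or protocol, a pattern ending in "." is a network prefix, otherwise an exact
# host; port None matches any port.  First matching rule wins.
INTERNAL = "10.0.0."                              # constructed inside network
RULE_BASE = [
    ("permit", INTERNAL, "*", None, "tcp"),        # inside hosts may start connections outward
    ("permit", "*", "10.0.0.5", 80, "tcp"),        # anyone may reach the Web server on port 80
    ("deny", "*", "*", None, "*"),                 # everything else is denied
]

# A stateless filter that must let replies back in needs a hole like this one,
# which also admits unsolicited packets to any port on every inside host.
REPLY_HOLE = ("permit", "*", INTERNAL, None, "tcp")


def _addr_match(pattern, addr):
    if pattern == "*":
        return True
    return addr.startswith(pattern) if pattern.endswith(".") else addr == pattern


def _match(rule, pkt):
    _action, src, dst, dport, proto = rule
    return (_addr_match(src, pkt.src) and _addr_match(dst, pkt.dst)
            and (dport is None or pkt.dport == dport)
            and (proto == "*" or pkt.proto == proto))


def stateless_filter(pkt, rules=RULE_BASE):
    """Permit or deny each packet strictly on the rule base; no memory of earlier traffic."""
    for rule in rules:
        if _match(rule, pkt):
            return rule[0]
    return "deny"


class StatefulFilter:
    """Records connections opened from inside and admits only their replies."""

    def __init__(self, rules=RULE_BASE):
        self.rules = rules
        self.connections = set()      # (src, sport, dst, dport) of permitted outbound flows

    def filter(self, pkt):
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.connections:
            return "permit"            # reply to a connection an inside host started
        action = stateless_filter(pkt, self.rules)
        if action == "permit" and pkt.src.startswith(INTERNAL):
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


def demo():
    """Run four constructed packets through each kind of filter."""
    outbound = Packet("10.0.0.20", 51000, "203.0.113.7", 443)     # inside host opens HTTPS
    reply = Packet("203.0.113.7", 443, "10.0.0.20", 51000)        # server's reply
    unsolicited = Packet("198.51.100.9", 4444, "10.0.0.20", 51000)  # nobody asked for this
    web = Packet("198.51.100.9", 33000, "10.0.0.5", 80)           # public Web request
    cases = [("outbound", outbound), ("reply", reply), ("unsolicited", unsolicited), ("web", web)]
    stateful = StatefulFilter()
    return {
        "stateless": {name: stateless_filter(p) for name, p in cases},
        "stateless+hole": {name: stateless_filter(p, [REPLY_HOLE] + RULE_BASE)
                           for name, p in cases if name in ("reply", "unsolicited")},
        "stateful": {name: stateful.filter(p) for name, p in cases},
    }
```

The stateless filter drops the legitimate reply, the hole that fixes that also admits the unsolicited packet, and only the stateful filter gets all four right.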

Intrusion-Detection Systems (IDSs) (continued)
• Host-based IDS monitors critical operating system files and computer’s processor activity and memory, scans event logs for signs of suspicious activity
• Network-based IDS monitors all network traffic instead of only the activity on a computer
– Typically located just behind the firewall
• Other IDS systems are based on behavior:
– Watch network activity and report abnormal behavior
– Result in many false alarms

Network Monitoring and Diagnostic Devices
• SNMP enables network administrators to:
– Monitor network performance
– Find and solve network problems
– Plan for network growth
• Managed device:
– Network device that contains an SNMP agent
– Collects and stores management information and makes it available to SNMP

Designing Network Topologies
• Topology: physical layout of the network devices, how they are interconnected, and how they communicate
• Essential to establishing its security
• Although network topologies can be modified for security reasons, the network still must reflect the needs of the organization and users

Security Zones
• One of the keys to mapping the topology of a network is to separate secure users from outsiders through:
– Demilitarized Zones (DMZs)
– Intranets
– Extranets

Demilitarized Zones (DMZs)
• Separate networks that sit outside the secure network perimeter
• Outside users can access the DMZ, but cannot enter the secure network
• For extra security, some networks use a DMZ with two firewalls
• The types of servers that should be located in the DMZ include:
– Web servers
– Remote access servers

Demilitarized Zones (DMZs) (continued)
– E-mail servers
– FTP servers

Intranets
• Networks that use the same protocols as the public Internet, but are only accessible to trusted inside users
• Disadvantage is that it does not allow remote trusted users access to information

Extranets
• Sometimes called a cross between the Internet and an intranet
• Accessible to users that are not trusted internal users, but trusted external users
• Not accessible to the general public, but allows vendors and business partners to access a company Web site

Network Address Translation (NAT)
• “You cannot attack what you do not see” is the philosophy behind Network Address Translation (NAT) systems
• Hides the IP addresses of network devices from attackers
• Computers are assigned special IP addresses (known as private addresses)

Network Address Translation (NAT) (continued)
• These IP addresses are not assigned to any specific user or organization; anyone can use them on their own private internal network
• Port address translation (PAT) is a variation of NAT
• Each packet is given the same IP address, but a different TCP port number

Honeypots
• Computers located in a DMZ loaded with software and data files that appear to be authentic
• Intended to trap or trick attackers
• Two-fold purpose:
– To direct attacker’s attention away from real servers on the network
– To examine techniques used by attackers

Honeypots (continued)
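The NAT/PAT slides above, worked through in added Python (not code from the Security+ text): every outbound packet leaves with the same public address but its own port, replies are mapped back, and a packet for which no inside host opened a flow has nowhere to go. The public address 198.51.100.1, the inside hosts and the destinations are constructed.

```python
import ipaddress

# The private address blocks: not assigned to any organization, usable by anyone internally.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)


class PAT:
    """Port address translation: one public IP, a distinct public port per inside flow."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (inside ip, inside port, dst ip, dst port) -> public port
        self.inbound = {}    # public port -> (inside ip, inside port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; returns the new 4-tuple."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            port = self.next_port          # a fresh public port for this flow
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a packet arriving at the public IP back to the inside host.

        Returns None when no inside host opened that flow: the packet is dropped,
        and the inside hosts stay invisible to whoever sent it.
        """
        if dst_ip != self.public_ip:
            return None
        inside = self.inbound.get(dst_port)
        if inside is None:
            return None
        return (src_ip, src_port) + inside


def demo():
    pat = PAT("198.51.100.1")                                      # constructed public address
    # two inside hosts happen to pick the same source port, so PAT must tell them apart
    a = pat.translate_outbound("192.168.1.10", 51000, "203.0.113.7", 80)
    b = pat.translate_outbound("192.168.1.11", 51000, "203.0.113.7", 80)
    reply_a = pat.translate_inbound("203.0.113.7", 80, "198.51.100.1", a[1])
    probe = pat.translate_inbound("203.0.113.9", 4444, "198.51.100.1", 22)
    return a, b, reply_a, probe


if __name__ == "__main__":
    for item in demo():
        print(item)
```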

Virtual LANs (VLANs)
• Segment a network with switches to divide the network into a hierarchy
• Core switches reside at the top of the hierarchy and carry traffic between switches
• Workgroup switches are connected directly to the devices on the network
• Core switches must work faster than workgroup switches because core switches must handle the traffic of several workgroup switches

Virtual LANs (VLANs) (continued)

Virtual LANs (VLANs) (continued)
• Segment a network by grouping similar users together
• Instead of segmenting by user, you can segment a network by separating devices into logical groups (known as creating a VLAN)

Summary
• Cable plant: physical infrastructure (wire, connectors, and cables that carry data communication signals between equipment)
• Removable media used to store information include:
– Magnetic storage (removable disks, hard drives)
– Optical storage (CD and DVD)
– Electronic storage (USB memory sticks, FlashCards)

Summary (continued)
• Network devices (workstations, servers, switches, and routers) should all be hardened to repel attackers
• A network’s topology plays a critical role in resisting attackers
• Hiding the IP address of a network device can help disguise it so that an attacker cannot find it

Chapter 6: Web Security
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Protect e-mail systems
• List World Wide Web vulnerabilities
• Secure Web communications
• Secure instant messaging

Protecting E-Mail Systems
• E-mail has replaced the fax machine as the primary communication tool for businesses
• Has also become a prime target of attackers and must be protected

How E-Mail Works
• Use two Transmission Control Protocol/Internet Protocol (TCP/IP) protocols to send and receive messages
– Simple Mail Transfer Protocol (SMTP) handles outgoing mail
– Post Office Protocol (POP3 for the current version) handles incoming mail

How E-Mail Works (continued)
• The SMTP server on most machines uses sendmail to do the actual sending; this queue is called the sendmail queue

How E-Mail Works (continued)
• Sendmail tries to resend queued messages periodically (about every 15 minutes)
• Downloaded messages are erased from POP3 server
• Deleting retrieved messages from the mail server and storing them on a local computer makes it difficult to manage messages from multiple computers
• Internet Mail Access Protocol (current version is IMAP4) is a more advanced protocol that solves many problems
– E-mail remains on the e-mail server

How E-Mail Works (continued)
• E-mail attachments are documents in binary format (word processing documents, spreadsheets, sound files, pictures)
• Non-text documents must be converted into text format before being transmitted
• Three bytes from the binary file are extracted and converted to four text characters

E-Mail Vulnerabilities
• Several e-mail vulnerabilities can be exploited by attackers:
– Malware
– Spam
– Hoaxes

Malware
• Because of its ubiquity, e-mail has replaced floppy disks as the primary carrier for malware
• E-mail is the malware transport mechanism of choice for two reasons:
– Because almost all Internet users have e-mail, it has the broadest base for attacks
– Malware can use e-mail to propagate itself

Malware (continued)
• A worm can enter a user’s computer through an e-mail attachment and send itself to all users listed in the address book or attach itself as a reply to all unread e-mail messages
• E-mail clients can be particularly susceptible to macro viruses
– A macro is a script that records the steps a user performs
– A macro virus uses macros to carry out malicious functions

Malware (continued)
• Users must be educated about how malware can enter a system through e-mail, and proper policies must be enacted to reduce the risk of infection
– E-mail users should never open attachments with these file extensions: .exe, .bat, .ade, .usf, .pif
• Antivirus software and firewall products must be installed and properly configured to prevent malicious code from entering the network through e-mail
• Procedures including turning off ports and eliminating open mail relay servers must be developed and enforced

Spam
• The amount of spam (unsolicited e-mail) that flows across the Internet is difficult to judge
• The US Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) in late 2003

Spam (continued)
• According to a Pew Memorial Trust survey, almost half of the approximately 30 billion daily e-mail messages are spam
• Spam is having a negative impact on e-mail users:
– 25% of users say the ever-increasing volume of spam has reduced their overall use of e-mail
– 52% of users indicate spam has made them less trusting of e-mail in general
– 70% of users say spam has made being online unpleasant or annoying

Spam (continued)
• Filter e-mails at the edge of the network to prevent spam from entering the SMTP server
• Use a blacklist of spammers to block any e-mail that originates from their e-mail addresses
• Sophisticated e-mail filters can use Bayesian filtering
– User divides e-mail messages received into two piles, spam and not-spam

Hoaxes
• E-mail messages that contain false warnings or fraudulent offerings
• Unlike spam, are almost impossible to filter
• Defense against hoaxes is to ignore them
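The Bayesian filtering mentioned under Spam above learns word frequencies from the two user-sorted piles and scores new mail by them. The filter below is an added example, not the textbook's code; its training messages are constructed, and the 0.9 threshold is an assumption chosen to favor delivering legitimate mail over losing it.

```python
"""Added example (not from the textbook): a minimal Bayesian spam filter
built from two user-sorted piles, spam and not-spam, as the slide describes.
All training messages below are constructed for illustration."""
from __future__ import annotations

import math
import re
from collections import Counter

# The two piles a user sorts by hand; the filter learns word frequencies from them.
SPAM_PILE = [
    "claim your free prize now, limited offer, click here",
    "cheap meds online, free shipping, order now",
    "you won a free lottery prize, click to claim",
    "limited offer: cheap loans, apply now",
]
HAM_PILE = [
    "meeting moved to 3pm, see the agenda attached",
    "please review the quarterly budget spreadsheet",
    "lunch on friday? the team is going at noon",
    "attached is the draft of the project report",
]


def tokenize(text: str) -> list[str]:
    """Lower-case word tokens; punctuation is dropped."""
    return re.findall(r"[a-z0-9']+", text.lower())


class BayesianFilter:
    """Naive Bayes over word counts with Laplace (add-one) smoothing."""

    def __init__(self, spam: list[str], ham: list[str]) -> None:
        self.spam_words = Counter(w for m in spam for w in tokenize(m))
        self.ham_words = Counter(w for m in ham for w in tokenize(m))
        self.n_spam, self.n_ham = len(spam), len(ham)
        self.vocab_size = len(set(self.spam_words) | set(self.ham_words))

    def _log_score(self, words: list[str], counts: Counter, n_docs: int) -> float:
        """log P(class) + sum of log P(word | class); smoothing keeps unseen words non-zero."""
        total = sum(counts.values())
        prior = math.log(n_docs / (self.n_spam + self.n_ham))
        return prior + sum(
            math.log((counts[w] + 1) / (total + self.vocab_size)) for w in words)

    def spam_probability(self, message: str) -> float:
        words = tokenize(message)
        ls = self._log_score(words, self.spam_words, self.n_spam)
        lh = self._log_score(words, self.ham_words, self.n_ham)
        # Normalize in log space: P(spam | msg) = 1 / (1 + exp(lh - ls)).
        return 1.0 / (1.0 + math.exp(lh - ls))

    def classify(self, message: str, threshold: float = 0.9) -> str:
        """A high threshold biases toward letting mail through rather than losing it."""
        return "spam" if self.spam_probability(message) >= threshold else "not-spam"


def train_default() -> BayesianFilter:
    """Build a filter from the constructed piles above."""
    return BayesianFilter(SPAM_PILE, HAM_PILE)


if __name__ == "__main__":
    f = train_default()
    for msg in ("free prize, claim now", "the project meeting is at noon"):
        print(f"{f.spam_probability(msg):.3f}  {f.classify(msg):9s}  {msg}")
```

In production the piles keep growing as the user corrects the filter, which is what lets it adapt to a particular mailbox's vocabulary.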

Hoaxes (continued)
• Any e-mail message that appears as though it could not be true probably is not
• E-mail phishing is also a growing practice
• A message that falsely identifies the sender as someone else is sent to unsuspecting recipients

E-Mail Encryption
• Two technologies used to protect e-mail messages as they are being transported:
– Secure/Multipurpose Internet Mail Extensions
– Pretty Good Privacy

Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Protocol that adds digital signatures and encryption to Multipurpose Internet Mail Extension (MIME) messages
• Provides these features:
– Digital signatures
– Message privacy
– Tamper detection
– Interoperability
– Seamless integration

Pretty Good Privacy (PGP)
• Functions much like S/MIME by encrypting messages using digital signatures
• A user can sign an e-mail message without encrypting it, verifying the sender but not preventing anyone from seeing the contents
• First compresses the message
– Reduces patterns and enhances resistance to cryptanalysis
• Creates a session key (a one-time-only secret key)
– This key is a number generated from random movements of the mouse and keystrokes typed

Pretty Good Privacy (PGP) (continued)
• Uses a passphrase to encrypt the private key on the local computer
• Passphrase:
– A longer and more secure version of a password
– Typically composed of multiple words
– More secure against dictionary attacks

Pretty Good Privacy (PGP) (continued)

Examining World Wide Web Vulnerabilities
• Buffer overflow attacks are common ways to gain unauthorized access to Web servers
• SMTP relay attacks allow spammers to send thousands of e-mail messages to users
• Web programming tools provide another foothold for Web attacks
• Dynamic content can also be used by attackers
– Sometimes called repurposed programming (using programming tools in ways more harmful than originally intended)

JavaScript
• Popular technology used to make dynamic content
• When a Web site that uses JavaScript is accessed, the HTML document with the JavaScript code is downloaded onto the user’s computer
• The Web browser then executes that code within the browser using the Virtual Machine (VM), a Java interpreter

JavaScript (continued)
• Several defense mechanisms prevent JavaScript programs from causing serious harm:
– JavaScript does not support certain capabilities
– JavaScript has no networking capabilities

JavaScript (continued)
• Other security concerns remain:
– JavaScript programs can capture and send user information without the user’s knowledge or authorization
– JavaScript security is handled by restrictions within the Web browser

Java Applet
• A separate program stored on a Web server and downloaded onto a user’s computer along with HTML code
• Can also be made into hostile programs
• Sandbox is a defense against a hostile Java applet
– Surrounds program and keeps it away from private data and other resources on a local computer

Java Applet (continued)
• Java applet programs should run within a sandbox

Java Applet (continued)
• Two types of Java applets:
– Unsigned Java applet: program that does not come from a trusted source
– Signed Java applet: has a digital signature proving the program is from a trusted source and has not been altered

Java Applet (continued)
• The primary defense against Java applets is using the appropriate settings of the Web browser

ActiveX
• Set of technologies developed by Microsoft
• Outgrowth of two other Microsoft technologies:
– Object Linking and Embedding (OLE)
– Component Object Model (COM)

ActiveX (continued)
• ActiveX controls represent a specific way of implementing ActiveX
– Can perform many of the same functions as a Java applet, but do not run in a sandbox
– Have full access to the Windows operating system
• Not a programming language but a set of rules for how applications should share information
• ActiveX controls are managed through Internet Explorer
• ActiveX controls should be set to the most restricted levels

ActiveX (continued)

Cookies
• Computer files that contain user-specific information
• Need for cookies is based on Hypertext Transfer Protocol (HTTP)
• Instead of the Web server asking the user for this information each time they visit that site, the Web server stores that information in a file on the local computer
• Attackers often target cookies because they can contain sensitive information (usernames and other private information)


Cookies (continued)
• Can be used to determine which Web sites you view
• First-party cookie is created from the Web site you are currently viewing
• Some Web sites attempt to access cookies they did not create
– If you went to www.b.org, that site might attempt to get the cookie A-ORG from your hard drive
– Now known as a third-party cookie because it was not created by the Web site that attempts to access the cookie

Common Gateway Interface (CGI)
• Set of rules that describes how a Web server communicates with other software on the server and vice versa
• Commonly used to allow a Web server to display information from a database on a Web page or for a user to enter information through a Web form that is deposited in a database


Common Gateway Interface (CGI) (continued)
• CGI scripts create security risks
– Do not filter user input properly
– Can issue commands via Web URLs
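The two risks above are the same defect seen twice: a URL parameter that reaches a server-side program without being filtered. The handler below is an added example, not the textbook's code; the parameter name host and the nslookup lookup tool are assumptions, and the point is that the value is allowlisted and passed as its own argv element so no shell ever parses it.

```python
"""Added example (not from the textbook): validating a CGI query parameter
before it reaches a program on the server. The parameter name 'host' and
the 'nslookup' lookup tool are assumptions for illustration."""
import re
from urllib.parse import parse_qs

# Allowlist: a DNS hostname is labels of letters, digits and hyphens joined by dots,
# no label starting or ending with a hyphen, 63 chars per label, 253 overall.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def validate_hostname(value: str) -> str:
    """Return the hostname if it matches the allowlist, else raise ValueError."""
    if not HOSTNAME_RE.match(value):
        raise ValueError(f"rejected host parameter: {value!r}")
    return value


def build_lookup_argv(query_string: str) -> list:
    """Turn the CGI QUERY_STRING into an argv list for the lookup tool.

    The unsafe pattern the slide warns about is string-building a command
    from the URL and handing it to a shell, which then interprets any
    metacharacters the client put in the request. Here the value is
    allowlisted first and returned as a separate argv element; the caller
    would run it with subprocess.run(argv) (shell=False, the default).
    """
    params = parse_qs(query_string)  # URL-decodes; blank values are dropped
    hosts = params.get("host", [])
    if len(hosts) != 1:
        raise ValueError("exactly one host parameter is required")
    host = validate_hostname(hosts[0])
    return ["nslookup", host]


def is_safe_request(query_string: str) -> bool:
    """True if the request passed validation; useful for logging rejected input."""
    try:
        build_lookup_argv(query_string)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed requests: one valid, one with a space, one with two values.
    for qs in ("host=www.example.com", "host=bad%20host", "host=a&host=b"):
        print(f"{qs:28s} -> {'accepted' if is_safe_request(qs) else 'rejected'}")
```

Rejected requests are worth logging with the raw query string: a burst of them against one script is an early signal that someone is probing the CGI interface.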

8.3 Naming Conventions
• Microsoft Disk Operating System (DOS) limited filenames to eight characters followed by a period and a three-character extension (e.g., Filename.doc)
• Called the 8.3 naming convention
• Recent versions of Windows allow filenames to contain up to 256 characters
• To maintain backward compatibility with DOS, Windows automatically creates an 8.3 “alias” filename for every long filename

• CGI security can be enhanced by:
– Properly configuring CGI
– Disabling unnecessary CGI scripts or programs
– Checking program code that uses CGI for any vulnerabilities

8.3 Naming Conventions (continued)
• The 8.3 naming convention introduces a security vulnerability with some Web servers
– Microsoft Internet Information Server 4.0 and other Web servers can inherit privileges from parent directories instead of the requested directory if the requested directory uses a long filename

Securing Web Communications
• Most common secure connection uses the Secure Sockets Layer/Transport Layer Security protocol
• One implementation is the Hypertext Transport Protocol over Secure Sockets Layer

• Solution is to disable creation of the 8.3 alias by making a change in the Windows registry database
– In doing so, older programs that do not recognize long filenames are not able to access the files or subdirectories

Secure Sockets Layer (SSL)/ Transport Layer Security (TLS)
• SSL protocol developed by Netscape to securely transmit documents over the Internet
– Uses private key to encrypt data transferred over the SSL connection
– Version 2.0 is most widely supported version
– Personal Communications Technology (PCT), developed by Microsoft, is similar to SSL

Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) (continued)
• TLS protocol guarantees privacy and data integrity between applications communicating over the Internet
– An extension of SSL; they are often referred to as SSL/TLS

• SSL/TLS protocol is made up of two layers


Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) (continued)
• TLS Handshake Protocol allows authentication between server and client and negotiation of an encryption algorithm and cryptographic keys before any data is transmitted
• FORTEZZA is a US government security standard that satisfies the Defense Messaging System security architecture
– Has cryptographic mechanism that provides message confidentiality, integrity, authentication, and access control to messages, components, and even systems

Secure Hypertext Transport Protocol (HTTPS)
• One common use of SSL is to secure Web HTTP communication between a browser and a Web server
– This version is “plain” HTTP sent over SSL/TLS and named Hypertext Transport Protocol over SSL

• Sometimes designated HTTPS, which is the extension to the HTTP protocol that supports it
• Whereas SSL/TLS creates a secure connection between a client and a server over which any amount of data can be sent securely, HTTPS is designed to transmit individual messages securely

Securing Instant Messaging
• Depending on the service, e-mail messages may take several minutes to be posted to the POP3 account
• Instant messaging (IM) is a complement to e-mail that overcomes these delays
– Allows sender to enter short messages that the recipient sees and can respond to immediately

Securing Instant Messaging (continued)
• Some tasks that you can perform with IM:
– Chat
– Images
– Sounds
– Files
– Talk
– Streaming content

Securing Instant Messaging (continued)
• Steps to secure IM include:
– Keep the IM server within the organization’s firewall and only permit users to send and receive messages with trusted internal workers
– Enable IM virus scanning
– Block all IM file transfers
– Encrypt messages

Summary
• Protecting basic communication systems is a key to resisting attacks
• E-mail attacks can be malware, spam, or hoaxes
• Web vulnerabilities can open systems up to a variety of attacks
• A Java applet is a separate program stored on the Web server and downloaded onto the user’s computer along with the HTML code

Summary (continued)
• ActiveX controls present serious security concerns because of the functions that a control can execute
• A cookie is a computer file that contains user-specific information
• CGI is a set of rules that describe how a Web server communicates with other software on the server
• The popularity of IM has made this a tool that many organizations are now using with e-mail

Chapter 7: Protecting Advanced Communications
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Harden File Transfer Protocol (FTP)
• Secure remote access
• Protect directory services
• Secure digital cellular telephony
• Harden wireless local area networks (WLAN)

Hardening File Transfer Protocol (FTP)
• Three ways to work with FTP:
– Web browser
– FTP client
– Command line
• FTP servers can be configured to allow unauthenticated users to transfer files (called anonymous FTP or blind FTP)

Hardening File Transfer Protocol (FTP) (continued)
• Vulnerabilities associated with using FTP
– FTP does not use encryption
– Files being transferred by FTP are vulnerable to man-in-the-middle attacks

Hardening File Transfer Protocol (FTP) (continued)
• FTP active mode
– Client connects from any random port >1,024 (PORT N) to FTP server’s command port, port 21 (Step 1)
– Client starts listening to PORT N+1 and sends the FTP command PORT N+1 to the FTP server
• FTP passive mode
– Client initiates both connections to server
– When opening an FTP connection, client opens two local random unprivileged ports >1,024
• Use secure FTP to reduce risk of attack
– Secure FTP is a term used by vendors to describe encrypting FTP transmissions
• Most secure FTP products use Secure Socket Layers (SSL) to perform the encryption

Hardening File Transfer Protocol (FTP) (continued)

Secure Remote Access
• Windows NT includes User Manager to allow dial-in access, while Windows 2003 uses Computer Management for Workgroup access and Active Directory for configuring access to the domain
• Windows 2003 Remote Access Policies can lock down a remote access system to ensure that only those intended to have access are actually granted it

Tunneling Protocols
• Tunneling: technique of encapsulating one packet of data within another type to create a secure link of transportation

Tunneling Protocols (continued)

Point-to-Point Tunneling Protocol (PPTP)
• Most widely deployed tunneling protocol
• Connection is based on the Point-to-Point Protocol (PPP), a widely used protocol for establishing connections over a serial line or dial-up connection between two points
• Client connects to a network access server (NAS) to initiate connection
• Extension to PPTP is Link Control Protocol (LCP), which establishes, configures, and tests the connection

Point-to-Point Tunneling Protocol (PPTP) (continued)

Layer 2 Tunneling Protocol (L2TP)
• Represents a merging of features of PPTP with Cisco’s Layer 2 Forwarding Protocol (L2F), which itself was originally designed to address some of the weaknesses of PPTP
• Unlike PPTP, which is primarily implemented as software on a client computer, L2TP can also be found on devices such as routers

Authentication Technologies
• Authenticating a transmission to ensure that it comes from an approved sender can provide an increased level of security for remote access users

IEEE 802.1x
• Based on a standard established by the Institute for Electrical and Electronic Engineers (IEEE)
• Gaining widespread popularity
• Provides an authentication framework for 802-based LANs (Ethernet, Token Ring, wireless LANs)
• Uses port-based authentication mechanisms
– Switch denies access to anyone other than an authorized user attempting to connect to the network through that port

IEEE 802.1x (continued)
• Network supporting the 802.1x protocol consists of three elements:
– Supplicant: client device, such as a desktop computer or personal digital assistant (PDA), which requires secure network access
– Authenticator: serves as an intermediary device between supplicant and authentication server
– Authentication server: receives request from supplicant through authenticator

IEEE 802.1x (continued)

IEEE 802.1x (continued)
• Several variations of EAP can be used with 802.1x:
– EAP-Transport Layer Security (EAP-TLS)
– Lightweight EAP (LEAP)
– EAP-Tunneled TLS (EAP-TTLS)
– Protected EAP (PEAP)
– Flexible Authentication via Secure Tunneling (FAST)

Remote Authentication Dial-In User Service (RADIUS)
• Originally defined to enable centralized authentication and access control and PPP sessions
• Requests are forwarded to a single RADIUS server
• Supports authentication, authorization, and auditing functions
• After connection is made, RADIUS server adds an accounting record to its log and acknowledges the request
• Allows company to maintain user profiles in a central database that all remote servers can share

Terminal Access Control Access Control System (TACACS+)
• Industry standard protocol specification that forwards username and password information to a centralized server
• Whereas communication between a NAS and a TACACS+ server is encrypted, communication between a client and a NAS is not

Secure Transmission Protocols
• PPTP and L2TP provide a secure mechanism for preventing eavesdroppers from viewing transmissions

Secure Shell (SSH)
• One of the primary goals of the ARPANET (which became today’s Internet) was remote access
• SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
• Suite of three utilities—slogin, ssh, and scp
• Can protect against:
– IP spoofing
– DNS spoofing
– Intercepting information

Secure Shell (SSH) (continued)

IP Security (IPSec)
• Different security tools function at different layers of the Open System Interconnection (OSI) model
• Secure/Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP) operate at the Application layer
• Kerberos functions at the Session layer

IP Security (IPSec) (continued)

IP Security (IPSec) (continued)
• IPSec is a set of protocols developed to support the secure exchange of packets
• Considered to be a transparent security protocol
• Transparent to applications, users, and software
• Provides three areas of protection that correspond to three IPSec protocols:
– Authentication
– Confidentiality
– Key management

IP Security (IPSec) (continued)
• Supports two encryption modes:
– Transport mode encrypts only the data portion (payload) of each packet, yet leaves the header unencrypted
– Tunnel mode encrypts both the header and the data portion

IP Security (IPSec) (continued)
• IPSec accomplishes transport and tunnel modes by adding new headers to the IP packet
• The entire original packet is then treated as the data portion of the new packet

IP Security (IPSec) (continued)
• Both Authentication Header (AH) and Encapsulating Security Payload (ESP) can be used with Transport or Tunnel mode, creating four possible transport mechanisms:
– AH in transport mode
– AH in tunnel mode
– ESP in transport mode
– ESP in tunnel mode

Virtual Private Networks (VPNs)
• Takes advantage of using the public Internet as if it were a private network
• Allow the public Internet to be used privately
• Prior to VPNs, organizations were forced to lease expensive data connections from private carriers so employees could remotely connect to the organization’s network

Virtual Private Networks (VPNs) (continued)
• Two common types of VPNs include:
– Remote-access VPN or virtual private dial-up network (VPDN): user-to-LAN connection used by remote users
– Site-to-site VPN: multiple sites can connect to other sites over the Internet

Virtual Private Networks (VPNs) (continued)
• VPN transmissions achieved through communicating with endpoints
– An endpoint can be software on a local computer, a dedicated hardware device such as a VPN concentrator, or even a firewall

Protecting Directory Services
• A directory service is a database stored on the network itself and contains all information about users and network devices
• A directory service contains information such as the user’s name, telephone extension, e-mail address, and logon name
• The International Standards Organization (ISO) created a standard for directory services known as X.500

Protecting Directory Services (continued)
• Purpose of X.500 was to standardize how data was stored so any computer system could access these directories
• Information is held in a directory information base (DIB)
• Entries in the DIB are arranged in a directory information tree (DIT)

Protecting Directory Services (continued)
• The X.500 standard defines a protocol for a client application to access the X.500 directory called the Directory Access Protocol (DAP)
• The DAP is too large to run on a personal computer
• The Lightweight Directory Access Protocol (LDAP), or X.500 Lite, is a simpler subset of DAP

Securing Digital Cellular Telephony
• The early use of wireless cellular technology is known as First Generation (1G)
• 1G is characterized by analog radio frequency (RF) signals transmitting at a top speed of 9.6 Kbps
• 1G networks use circuit-switching technology
• Digital cellular technology, which started in the early 1990s, uses digital instead of analog transmissions
• Digital cellular uses packet switching instead of circuit-switching technology

Wireless Application Protocol (WAP)
• Provides standard way to transmit, format, and display Internet data for devices such as cell phones
• A WAP cell phone runs a microbrowser that uses Wireless Markup Language (WML) instead of HTML
– WML is designed to display text-based Web content on the small screen of a cell phone
– Because the Internet standard is HTML, a WAP Gateway (or WAP Proxy) must translate between WML and HTML

Wireless Application Protocol (WAP) (continued)

Wireless Transport Layer Security (WTLS)
• Security layer of the WAP
• Provides privacy, data integrity, and authentication for WAP services
• Designed specifically for wireless cellular telephony
• Based on the TLS security layer used on the Internet
• Replaced by TLS in WAP 2.0

Hardening Wireless Local Area Networks (WLAN)
• By 2007, >98% of all notebooks will be wireless-enabled
• Serious security vulnerabilities have also been created by wireless data technology:
– Unauthorized users can access the wireless signal from outside a building and connect to the network
– Attackers can capture and view transmitted data
– Employees in the office can install personal wireless equipment and defeat perimeter security measures
– Attackers can crack wireless security with kiddie scripts

IEEE 802.11 Standards
• A WLAN shares same characteristics as a standard data-based LAN with the exception that network devices do not use cables to connect to the network
• RF is used to send and receive packets
• Sometimes called Wi-Fi for Wireless Fidelity

IEEE 802.11 Standards (continued)
• In September 1999, a new 802.11b High Rate was amended to the 802.11 standard
• 802.11b added two higher speeds, 5.5 and 11 Mbps
• With faster data rates, 802.11b quickly became the standard for WLANs
• At same time, the 802.11a standard was released

IEEE 802.11 Standards (continued)
• Network devices can transmit 11 to 108 Mbps at a range of 150 to 375 feet
• 802.11a has a maximum rated speed of 54 Mbps and also supports 48, 36, 24, 12, 9, and 6 Mbps transmissions at 5 GHz

WLAN Components
• Each network device must have a wireless network interface card installed
• Wireless NICs are available in a variety of formats:
– Type II PC card
– CompactFlash (CF) card
– USB stick
– Mini PCI
– USB device

WLAN Components (continued)
• An access point (AP) consists of three major parts:
– An antenna and a radio transmitter/receiver to send and receive signals
– An RJ-45 wired network interface that allows it to connect by cable to a standard wired network
– Special bridging software

Basic WLAN Security
• Two areas:
– Basic WLAN security
– Enterprise WLAN security
• Basic WLAN security uses two new wireless tools and one tool from the wired world:
– Service Set Identifier (SSID) beaconing
– MAC address filtering
– Wired Equivalent Privacy (WEP)

Service Set Identifier (SSID) Beaconing
• A service set is a technical term used to describe a WLAN network
• Three types of service sets:
– Independent Basic Service Set (IBSS)
– Basic Service Set (BSS)
– Extended Service Set (ESS)
• Each WLAN is given a unique SSID

MAC Address Filtering
• Another way to harden a WLAN is to filter MAC addresses
• The MAC address of approved wireless devices is entered on the AP
• A MAC address can be spoofed
• When wireless device and AP first exchange packets, the MAC address of the wireless device is sent in plaintext, allowing an attacker with a sniffer to see the MAC address of an approved device

Wired Equivalent Privacy (WEP)
• Optional configuration for WLANs that encrypts packets during transmission to prevent attackers from viewing their contents
• Uses shared keys: the same key for encryption and decryption must be installed on the AP, as well as each wireless device
• A serious vulnerability in WEP is that the IV is not properly implemented
• Every time a packet is encrypted it should be given a unique IV
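The IV requirement in the WEP slide above can be checked from the defender's side: WEP's IV is only 24 bits, so a monitor that records each IV seen under a key can report repeats, and the size of the IV space shows how quickly a busy WLAN must run out of fresh values. The monitor and the two estimates below are an added example, not the textbook's code; the frame rate and the simulated frames are constructed assumptions.

```python
"""Added example (not from the textbook): why WEP's 24-bit IV is too small.
Monitors a stream of (key_id, iv) frame records for repeats and estimates how
soon a WLAN repeats an IV. Frame records here are constructed for illustration."""
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs per shared key


class IVReuseMonitor:
    """Tracks IVs seen per key and reports any IV that is used twice."""

    def __init__(self) -> None:
        self.seen = {}          # key_id -> set of IVs observed under that key
        self.reuse_events = []  # (key_id, iv) for every repeat detected

    def observe(self, key_id: int, iv: int) -> bool:
        """Record a frame; return True if this IV was already used under key_id."""
        if not 0 <= iv < IV_SPACE:
            raise ValueError("IV must fit in 24 bits")
        ivs = self.seen.setdefault(key_id, set())
        if iv in ivs:
            self.reuse_events.append((key_id, iv))
            return True
        ivs.add(iv)
        return False


def seconds_until_wrap(frames_per_second: int) -> float:
    """A card that increments the IV as a counter must wrap after IV_SPACE frames."""
    return IV_SPACE / frames_per_second


def expected_frames_to_first_collision() -> float:
    """Birthday bound: with randomly chosen IVs a repeat is expected after
    about sqrt(pi/2 * N) frames, N being the size of the IV space."""
    return math.sqrt(math.pi / 2 * IV_SPACE)


def simulate_random_ivs(n_frames: int, seed: int = 1) -> int:
    """Count repeats when a card picks IVs at random (constructed simulation)."""
    rng = random.Random(seed)
    mon = IVReuseMonitor()
    return sum(mon.observe(0, rng.randrange(IV_SPACE)) for _ in range(n_frames))


if __name__ == "__main__":
    # Constructed assumption: a modest 500 frames/s on the WLAN.
    print(f"counter IV wraps after {seconds_until_wrap(500) / 3600:.1f} hours at 500 frames/s")
    print(f"random IVs: first repeat expected after ~{expected_frames_to_first_collision():.0f} frames")
    print(f"random IVs: {simulate_random_ivs(20000)} repeats in 20,000 simulated frames")
```

The detection side is the same check a wireless IDS performs: a repeated IV under one key means two frames were encrypted with the same keystream, which is exactly the condition WEP was supposed to avoid.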

Wired Equivalent Privacy (WEP) (continued)

Untrusted Network
• The basic WLAN security of SSID beaconing, MAC address filtering, and WEP encryption is not secure enough for an organization to use
• One approach to securing a WLAN is to treat it as an untrusted and unsecure network
• Requires that the WLAN be placed outside the secure perimeter of the trusted network

Untrusted Network (continued)

Trusted Network
• It is still possible to provide security for a WLAN and treat it as a trusted network
• Wi-Fi Protected Access (WPA) was crafted by the WECA in 2002 as an interim solution until a permanent wireless security standard could be implemented
• Has two components:
– WPA encryption
– WPA access control

Trusted Network (continued)
• WPA encryption addresses the weaknesses of WEP by using the Temporal Key Integrity Protocol (TKIP)
• TKIP mixes keys on a per-packet basis to improve security
• Although WPA provides enhanced security, the IEEE 802.11i solution is even more secure
• 802.11i is expected to be released sometime in 2004

Summary
• The FTP protocol has several security vulnerabilities—it does not natively use encryption and is vulnerable to man-in-the-middle attacks
• FTP can be hardened by using secure FTP (which encrypts using SSL)
• Protecting remote access transmissions is particularly important in today’s environment as more users turn to the Internet as the infrastructure for accessing protected information

Summary (continued)
• Authenticating a transmission to ensure it came from the sender can provide increased security for remote access users
• SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
• A directory service is a database stored on the network itself and contains all the information about users and network devices
• Digital cellular telephony provides various features to operate on a wireless digital cellular device
• WLANs have a dramatic impact on user access to data

Chapter 8: Scrambling Through Cryptography
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Define cryptography
• Secure with cryptography hashing algorithms
• Protect with symmetric encryption algorithms
• Harden with asymmetric encryption algorithms
• Explain how to use cryptography

Cryptography Terminology
• Cryptography: science of transforming information so it is secure while being transmitted or stored
• Steganography: attempts to hide the existence of data
• Encryption: changing the original text to a secret message using cryptography

Cryptography Terminology (continued)
• Decryption: reverse process of encryption
• Algorithm: process of encrypting and decrypting information based on a mathematical procedure
• Key: value used by an algorithm to encrypt or decrypt a message

Cryptography Terminology (continued)
• Weak key: mathematical key that creates a detectable pattern or structure
• Plaintext: original unencrypted information (also known as clear text)
• Cipher: encryption or decryption algorithm used to create encrypted or decrypted text
• Ciphertext: data that has been encrypted by an encryption algorithm

Cryptography Terminology (continued)

How Cryptography Protects
• Intended to protect the confidentiality of information
• Second function of cryptography is authentication
• Should ensure the integrity of the information as well
• Should also be able to enforce nonrepudiation, the inability to deny that actions were performed
• Can be used for access control

Securing with Cryptography Hashing Algorithms
• One of the three categories of cryptographic algorithms is known as hashing

Defining Hashing
• Hashing, also called a one-way hash, creates a fixed-length digest from plaintext; unlike encryption, the process cannot be reversed to recover the input
• Cryptographic hashing follows this same basic approach
• Hash algorithms verify the accuracy of a value without transmitting the value itself and subjecting it to attacks
• A practical use of a hash algorithm is with automatic teller machine (ATM) cards

Defining Hashing (continued)

Defining Hashing (continued)
• Hashing is typically used in two ways:
– To determine whether a password a user enters is correct without transmitting (or storing) the password itself
– To determine the integrity of a message or the contents of a file
• Hash algorithms are considered very secure if the hash that is produced has the characteristics listed on pages 276 and 277 of the text

Defining Hashing (continued)

Message Digest (MD)
• Message Digest 2 (MD2) takes plaintext of any length and creates a hash 128 bits long
– MD2 processes the message in 128-bit (16-byte) sections
– If the final section is less than 128 bits, data known as padding is added
• Message Digest 4 (MD4) was developed in 1990 for computers that processed 32 bits at a time
– Takes plaintext and creates a hash of 128 bits
– The plaintext message is padded so that its length is a multiple of 512 bits

Message Digest (MD) (continued)
• Message Digest 5 (MD5) is a revision of MD4 designed to address its weaknesses
– The message is padded so that its length is a multiple of 512 bits
– The hash algorithm then uses four 32-bit variables in a round-robin fashion to create a value that is compressed to generate the hash
– Practical collision attacks against MD5 have since been demonstrated, so it should not be relied on where collision resistance matters (for example, digital signatures)

Secure Hash Algorithm (SHA)
• Patterned after MD4 but creates a hash that is 160 bits in length instead of 128 bits
• The longer hash makes it more resistant to attacks
• SHA pads the final block of a message with zeros and an integer that describes the original length of the message
• SHA-1 is likewise no longer considered collision resistant; the SHA-2 family (for example SHA-256) is the current recommendation

Protecting with Symmetric Encryption Algorithms
• Most common type of cryptographic algorithm (also called private key cryptography)
• Use a single key to encrypt and decrypt a message
• With symmetric encryption, the same key that encrypted the message is used by the decryption algorithm to recover the plaintext
– It is essential that the key be kept confidential: if an attacker secured the key, she could decrypt any messages

Protecting with Symmetric Encryption Algorithms (continued)
• Can be classified into two distinct categories based on the amount of data processed at a time:
– Stream cipher (such as a substitution cipher)
– Block cipher
• Substitution ciphers substitute one letter or character for another
– Also known as a monoalphabetic substitution cipher
– Can be easy to break: the letter frequencies of the plaintext language survive in the ciphertext
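An added example (not from the textbook) that implements what the slides above describe: a monoalphabetic substitution cipher, a columnar transposition cipher, and the frequency-analysis break of a Caesar shift, the simplest instance of substitution. The sample message and the English letter-frequency table are embedded and constructed for the demonstration.

```python
"""Monoalphabetic substitution vs. transposition, and why substitution is easy to break.

Added example, not from the textbook slides. Standard library only; the sample message
and the English letter-frequency table are embedded here.
"""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of letters in English text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1,
    "I": 7.0, "J": 0.15, "K": 0.8, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9,
    "Q": 0.1, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 1.0, "W": 2.4, "X": 0.15,
    "Y": 2.0, "Z": 0.07,
}

# Constructed sample plaintext (upper case letters and spaces only).
SAMPLE = ("THIS MESSAGE WAS ENCRYPTED WITH A SIMPLE SUBSTITUTION CIPHER AND THE LETTER "
          "FREQUENCIES OF ENGLISH TEXT ARE ENOUGH TO RECOVER THE KEY WITHOUT EVER SEEING IT")


def shift_key(shift: int) -> str:
    """A Caesar shift expressed as a 26-letter substitution key (plain A maps to key[0], B to key[1], ...)."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def substitution_encrypt(plaintext: str, key: str) -> str:
    """Replace every letter by the letter at the same position in `key`; other characters pass through."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def substitution_decrypt(ciphertext: str, key: str) -> str:
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def letter_frequencies(text: str) -> Counter:
    return Counter(c for c in text.upper() if c in ALPHABET)


def chi_squared(text: str) -> float:
    """Distance between the letter counts of `text` and English; lower means more English-like."""
    counts = letter_frequencies(text)
    total = sum(counts.values())
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def crack_shift(ciphertext: str) -> tuple:
    """Recover a Caesar shift with no key: try all 26 and keep the most English-looking plaintext.
    The same frequency idea, with more bookkeeping, breaks any monoalphabetic substitution."""
    best = min(range(26), key=lambda s: chi_squared(substitution_decrypt(ciphertext, shift_key(s))))
    return best, substitution_decrypt(ciphertext, shift_key(best))


def transposition_encrypt(plaintext: str, columns: int) -> str:
    """Columnar transposition: write the letters in rows of `columns`, read them out column by column."""
    letters = [c for c in plaintext.upper() if c in ALPHABET]
    return "".join("".join(letters[col::columns]) for col in range(columns))


def transposition_decrypt(ciphertext: str, columns: int) -> str:
    n = len(ciphertext)
    rows = -(-n // columns)                 # ceiling division
    long_cols = n % columns or columns      # the first `long_cols` columns hold `rows` letters, the rest one fewer
    cols, pos = [], 0
    for c in range(columns):
        length = rows if c < long_cols else rows - 1
        cols.append(ciphertext[pos:pos + length])
        pos += length
    return "".join(cols[c][r] for r in range(rows) for c in range(columns) if r < len(cols[c]))


if __name__ == "__main__":
    ct = substitution_encrypt(SAMPLE, shift_key(3))
    print(crack_shift(ct))                                       # (3, SAMPLE)
    tt = transposition_encrypt(SAMPLE, 7)
    # Transposition only reorders letters, so the histogram equals the plaintext's.
    print(letter_frequencies(tt) == letter_frequencies(SAMPLE))   # True
```

The transposition half shows the other side of the slide's point: because letters are rearranged but not changed, the ciphertext has exactly the plaintext's letter histogram, which is how an analyst recognises a transposition in the first place.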

Protecting with Symmetric Encryption Algorithms (continued)
• A homophonic substitution cipher maps a single plaintext character to multiple ciphertext characters, flattening the letter frequencies that break a monoalphabetic cipher
• A transposition cipher rearranges letters without changing them
• With a stream cipher, the final step is to combine the keystream with the plaintext (usually with XOR) to create the ciphertext

Protecting with Symmetric Encryption Algorithms (continued)

Protecting with Symmetric Encryption Algorithms (continued)

Protecting with Symmetric Encryption Algorithms (continued)
• A block cipher manipulates an entire block of plaintext at one time
• The plaintext message is divided into separate blocks of 8 to 16 bytes and, in the simplest mode, each block is encrypted independently
• Encrypting identical blocks independently produces identical ciphertext blocks, so modes that chain the blocks together (the DES modes summarized on pages 282 and 283 of the text are examples) are used for additional security

Data Encryption Standard (DES)
• One of the most popular symmetric cryptography algorithms
• DES is a block cipher and encrypts data in 64-bit blocks
• The key is 64 bits, but 8 of those bits are parity bits that are ignored, so the effective key length is only 56 bits (short enough to be brute-forced with modern hardware)
• DES encrypts a 64-bit plaintext block by executing its round function 16 times (a 16-round Feistel cipher)
• The four modes of DES encryption are summarized on pages 282 and 283

Triple Data Encryption Standard (3DES)
• Uses three passes of DES instead of just one
• The ciphertext of one pass becomes the entire input for the next
• Employs a total of 48 rounds in its encryption (3 passes times 16 rounds)
• The most secure versions of 3DES use a different key for each pass (three independent 56-bit keys)

Advanced Encryption Standard (AES)
• Selected by NIST in late 2000 as a replacement for DES (published as FIPS 197 in 2001)
• Process began with NIST publishing requirements for a new symmetric algorithm and requesting proposals
• Requirements stated that the new algorithm had to be fast and function on older computers with 8-bit, 32-bit, and 64-bit processors

Advanced Encryption Standard (AES) (continued)
• Performs three steps on every block (128 bits) of plaintext
• Within step 2, multiple rounds are performed depending upon the key size (the counts below exclude the shortened final round):
– 128-bit key performs 9 rounds (10 in total)
– 192-bit key performs 11 rounds (12 in total)
– 256-bit key performs 13 rounds (14 in total)
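An added example (not from the textbook, and not DES or AES) that makes the structure behind the block cipher slides concrete: a 16-round Feistel cipher on 64-bit blocks (the shape of DES), the difference between encrypting each block independently (ECB) and chaining blocks (CBC), and the three-pass encrypt-decrypt-encrypt construction that 3DES uses. The round function is HMAC-SHA256 truncated to half a block, a toy choice made only to keep the code short; the key, IV and plaintext are constructed. It must not be used to protect real data.

```python
"""A toy 16-round Feistel block cipher (the DES shape), ECB vs. CBC, and 3DES-style EDE.

Added example, not from the textbook slides and NOT DES or AES: the round function is
HMAC-SHA256 truncated to half a block, chosen only so the structure is visible in a few lines.
Do not use this for real data. Key, IV and plaintext below are constructed.
"""
import hashlib
import hmac

BLOCK = 8      # 64-bit blocks, like DES
HALF = BLOCK // 2
ROUNDS = 16    # DES also runs 16 rounds; 3DES runs 3 x 16 = 48


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes) -> list:
    """Derive one subkey per round from the master key (toy key schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def _f(half: bytes, subkey: bytes) -> bytes:
    """Round function: in a Feistel network any keyed function works; it need not be invertible."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for k in _subkeys(key):
        left, right = right, _xor(left, _f(right, k))   # L_{i+1} = R_i ; R_{i+1} = L_i xor F(R_i)
    return right + left                                 # final swap


def decrypt_block(block: bytes, key: bytes) -> bytes:
    right, left = block[:HALF], block[HALF:]            # undo the final swap
    for k in reversed(_subkeys(key)):
        left, right = _xor(right, _f(left, k)), left    # run the rounds backwards
    return left + right


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(b, key) for b in _blocks(pad(data)))


def ecb_decrypt(data: bytes, key: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(b, key) for b in _blocks(data)))


def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    """Each block is XORed with the previous ciphertext block first, so repeats are hidden."""
    out, prev = [], iv
    for b in _blocks(pad(data)):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    return unpad(b"".join(out))


def duplicate_blocks(ciphertext: bytes) -> int:
    """Ciphertext blocks that repeat an earlier one: the ECB leak, countable by an eavesdropper."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


def ede_encrypt_block(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """3DES-style encrypt-decrypt-encrypt; with k1 == k2 == k3 it collapses to a single pass."""
    return encrypt_block(decrypt_block(encrypt_block(block, k1), k2), k3)


def ede_decrypt_block(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    return decrypt_block(encrypt_block(decrypt_block(block, k3), k2), k1)


if __name__ == "__main__":
    key, iv = b"toy-master-key", bytes(range(BLOCK))
    message = b"ATTACK AT DAWN!!" * 4 + b"the end."     # the 16-byte phrase repeats four times
    print("ECB repeated blocks:", duplicate_blocks(ecb_encrypt(message, key)))      # 6
    print("CBC repeated blocks:", duplicate_blocks(cbc_encrypt(message, key, iv)))  # 0
```

Two properties worth noticing: decryption runs the same rounds in reverse order even though the round function itself is not invertible, which is why DES can use non-invertible S-boxes; and the encrypt-decrypt-encrypt order of 3DES was chosen so that setting all three keys equal reproduces single DES, keeping old ciphertext readable.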

Rivest Cipher (RC)
• Family of cipher algorithms designed by Ron Rivest
• He developed six ciphers, ranging from RC1 to RC6, but did not release RC1 and RC3
• RC2 is a block cipher that processes blocks of 64 bits
• RC4 is a stream cipher with a variable-length key (commonly 40 to 128 bits); it is now considered broken and should not be used in new designs

International Data Encryption Algorithm (IDEA)
• IDEA algorithm dates back to the early 1990s and is used in European nations
• Block cipher that processes 64-bit blocks with a 128-bit key in 8 rounds

Blowfish
• Block cipher that operates on 64-bit blocks
• Can have a key length from 32 to 448 bits

Hardening with Asymmetric Encryption Algorithms
• The primary weakness of a symmetric encryption algorithm is keeping the single key secure
• This weakness, known as key management, poses a number of significant challenges
• Asymmetric encryption (or public key cryptography) uses two keys instead of one
– The public key, which can be shared openly, is used to encrypt a message
– Only the matching private key, kept secret by its owner, can decrypt it
– Used the other way around (private key to sign, public key to verify), the same pair provides digital signatures

Hardening with Asymmetric Encryption Algorithms (continued)

Rivest Shamir Adleman (RSA)
• Asymmetric algorithm published in 1977 and patented by MIT in 1983
• Most common asymmetric encryption and authentication algorithm
• Included as part of the Web browsers from Microsoft and Netscape as well as other commercial products
• Multiplies two large prime numbers; its security rests on the difficulty of factoring the product back into those primes

Diffie-Hellman
• Unlike RSA, the Diffie-Hellman algorithm does not encrypt and decrypt text
• Strength of Diffie-Hellman is that it allows two users to agree on a secret key over a public network without ever transmitting the key itself
• Once the key has been shared, both parties can use it to encrypt and decrypt messages using symmetric cryptography

Elliptic Curve Cryptography
• First proposed in the mid-1980s
• Instead of relying on the difficulty of factoring large primes, relies on the mathematics of elliptic curves
• An elliptic curve is a function drawn on an X-Y axis as a gently curved line
• By adding the values of two points on the curve, you can arrive at a third point on the curve
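The Diffie-Hellman agreement described above, as an added example that is not part of the textbook: both parties' computations, the derivation of a symmetric key from the agreed secret, and what an eavesdropper on the public network actually sees. The modulus 2**127 - 1 and generator 3 are toy parameters chosen for readability (assumptions of this example only); they are far too small for real use, where a standardized group from RFC 3526 or RFC 7919 would be chosen.

```python
"""Diffie-Hellman key agreement over a public channel, with the derived symmetric key.

Added example, not from the textbook slides. Standard library only. The group parameters
are toy values chosen for readability (2**127 - 1 is a Mersenne prime): far too small for real
use, where a standardized group such as those in RFC 3526 or RFC 7919 would be used.
"""
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (an assumption of this demo, not a standardized group)
G = 3            # toy generator


def private_key() -> int:
    """Random exponent in [1, P-2]; it never leaves the party that generated it."""
    return secrets.randbelow(P - 2) + 1


def public_value(private: int) -> int:
    """g^x mod p: the only thing each party sends, and it goes in the clear."""
    return pow(G, private, P)


def validate_public(value: int) -> bool:
    """Reject the trivial values an active attacker could inject to force a predictable secret."""
    return 1 < value < P - 1


def shared_secret(peer_public: int, private: int) -> int:
    if not validate_public(peer_public):
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, P)


def derive_key(secret: int, label: bytes = b"toy-dh-demo") -> bytes:
    """Never use the raw shared secret as a key: run it through a KDF (here a plain SHA-256)."""
    return hashlib.sha256(secret.to_bytes((P.bit_length() + 7) // 8, "big") + label).digest()


def exchange() -> dict:
    """Simulate both sides plus what a passive eavesdropper sees on the wire."""
    a, b = private_key(), private_key()
    A, B = public_value(a), public_value(b)        # transmitted
    alice_key = derive_key(shared_secret(B, a))    # Alice computes B^a = g^(ab)
    bob_key = derive_key(shared_secret(A, b))      # Bob computes   A^b = g^(ab)
    return {
        "alice_key": alice_key,
        "bob_key": bob_key,
        # No key material here; recovering a or b from these is the discrete logarithm problem.
        "on_the_wire": {"p": P, "g": G, "A": A, "B": B},
    }


if __name__ == "__main__":
    result = exchange()
    print("keys match:", result["alice_key"] == result["bob_key"])   # True
```

The `validate_public` check is the practitioner's caveat the slide omits: plain Diffie-Hellman authenticates nobody, so an active attacker can substitute values such as 1 or p-1 (or run a full man-in-the-middle) unless the public values are also signed or otherwise authenticated.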

Understanding How to Use Cryptography
• Cryptography can provide a major defense against attackers
• If an e-mail message or data stored on a file server is encrypted, even a successful attempt to steal that information will be of no benefit if the attacker cannot read it

Digital Signature
• A hash of the message, encrypted (signed) with the sender's private key and transmitted along with the message
• Helps to prove that the message was sent by the holder of the private key matching the public key (a digital certificate, covered in Chapter 9, ties that public key to a person)
• Also proves that the message was not altered and that it was sent in the first place

Benefits of Cryptography
• Five key elements:
– Confidentiality
– Authentication
– Integrity
– Nonrepudiation
– Access control

Benefits of Cryptography (continued)

Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG)
• PGP is perhaps the most widely used asymmetric cryptography system for encrypting e-mail messages on Windows systems
– Commercial product

Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) (continued)
• GPG versions run on Windows, UNIX, and Linux operating systems
• PGP and GPG use both asymmetric and symmetric cryptography: a random symmetric key encrypts the message and the recipient's public key encrypts that symmetric key
• PGP can use either RSA or the Diffie-Hellman algorithm for the asymmetric encryption and IDEA for the symmetric encryption
• GPG is a free product

Microsoft Windows Encrypting File System (EFS)
• Encryption scheme for Windows 2000, Windows XP Professional, and Windows Server 2003 operating systems that use the NTFS file system
• Uses asymmetric cryptography together with a per-file symmetric encryption key to encrypt and decrypt data
• When a user encrypts a file, EFS generates a file encryption key (FEK) to encrypt the data

Microsoft Windows Encrypting File System (EFS) (continued)
• The FEK is encrypted with the user's public key and the encrypted FEK is then stored with the file
• EFS is available by default on these systems
• When using Microsoft EFS, the tasks recommended are listed on page 293 of the text

UNIX Pluggable Authentication Modules (PAM)
• When UNIX was originally developed, authenticating a user was accomplished by requesting a password from the user and checking whether the entered password corresponded to the hashed password stored in the user database /etc/passwd (later moved to /etc/shadow)
• Each new authentication scheme required all the programs that authenticate users, such as login and ftp, to be rewritten to support it

UNIX Pluggable Authentication Modules (PAM) (continued)
• A solution is to use PAMs
• Provides a way to develop programs that are independent of the authentication scheme

Linux Cryptographic File System (CFS)
• Linux users can add one of several cryptographic systems to encrypt files
• One of the most common is the CFS
• Other Linux cryptographic options are listed on pages 294 and 295 of the text

Summary
• Cryptography seeks to fulfill five key security functions: confidentiality, authentication, integrity, nonrepudiation, and access control
• Hashing, also called a one-way hash, creates a fixed-length digest from plaintext that cannot be reversed to recover the input
• Symmetric encryption algorithms use a single key to encrypt and decrypt a message

Summary (continued)
• A digital signature, together with a digital certificate that binds the public key to its owner, helps to prove that the person sending the message is actually whom they claim to be, that the message was not altered, and that it cannot be denied that the message was sent
• The most widely used asymmetric cryptography system for encrypting e-mail messages on Windows systems is PGP

Chapter 9: Using and Managing Keys
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Explain cryptography strengths and vulnerabilities
• Define public key infrastructure (PKI)
• Manage digital certificates
• Explore key management

Understanding Cryptography Strengths and Vulnerabilities
• Cryptography is the science of "scrambling" data so it cannot be viewed by unauthorized users, making it secure while being transmitted or stored
• When the recipient receives encrypted text or another user wants to access stored information, it must be decrypted with the cipher and key to produce the original plaintext

Symmetric Cryptography Strengths and Weaknesses
• Identical keys are used to both encrypt and decrypt the message
• Popular symmetric cipher algorithms include Data Encryption Standard, Triple Data Encryption Standard, Advanced Encryption Standard, International Data Encryption Algorithm, Rivest Cipher, and Blowfish
• Disadvantages of symmetric encryption relate to the difficulties of managing the private key: every pair of communicating parties needs its own secret key, and that key must be distributed securely

Asymmetric Cryptography Strengths and Vulnerabilities
• With asymmetric encryption, two keys are used instead of one
– The public key encrypts the message
– Only the matching private key can decrypt it

Asymmetric Cryptography Strengths and Vulnerabilities (continued)
• Can greatly improve cryptography security, convenience, and flexibility
• Public keys can be distributed freely
• Users cannot deny they have sent a message if they have signed it with their private key
• Primary disadvantage is that it is computing-intensive

Digital Signatures
• Asymmetric encryption allows you to use either the public or private key to encrypt a message; the receiver uses the other key to decrypt the message
• A digital signature helps to prove that:
– The person sending the message with a public key is who they claim to be
– The message was not altered
– It cannot be denied that the message was sent

Digital Certificates
• Digital documents that associate an individual with their specific public key
• Data structure containing a public key, details about the key owner, and other optional information that is all digitally signed by a trusted third party

Certification Authority (CA)
• The owner of the public key listed in the digital certificate can be identified to the CA in different ways
– By their e-mail address
– By additional information that describes the digital certificate and limits the scope of its use
• Revoked digital certificates are listed in a Certificate Revocation List (CRL), which can be accessed to check the certificate status of other users

Certification Authority (CA) (continued)
• The CA must publish the certificates and CRLs to a directory immediately after a certificate is issued or revoked so users can refer to this directory to see changes
• Can provide the information in a publicly accessible directory, called a Certificate Repository (CR)
• Some organizations set up a Registration Authority (RA) to handle some CA tasks such as processing certificate requests and authenticating users

Understanding Public Key Infrastructure (PKI)
• Weaknesses associated with asymmetric cryptography (chiefly, knowing whose public key you actually hold) led to the development of PKI
• A CA is an important trusted party who can sign and issue certificates for users
• Some of its tasks can also be performed by a subordinate function, the RA
• Updated certificates and CRLs are kept in a CR for users to refer to

The Need for PKI

Description of PKI
• Manages keys and identity information required for asymmetric cryptography, integrating digital certificates, public key cryptography, and CAs
• For a typical enterprise:
– Provides end-user enrollment software
– Integrates corporate certificate directories
– Manages, renews, and revokes certificates
– Provides related network services and security
• Typically consists of one or more CA servers and digital certificates that automate several tasks

PKI Standards and Protocols
• A number of standards have been proposed for PKI
– Public Key Cryptography Standards (PKCS)
– X.509 certificate standards

Public Key Cryptography Standards (PKCS)
• Numbered set of standards that have been defined by RSA Laboratories since 1991
• Composed of 15 standards detailed on pages 318 and 319 of the text

X.509 Digital Certificates
• X.509 is an international standard defined by the International Telecommunication Union (ITU) that defines the format for the digital certificate
• Most widely used certificate format for PKI
• X.509 is used by Secure Sockets Layer (SSL)/Transport Layer Security (TLS), IP Security (IPSec), and Secure/Multipurpose Internet Mail Extensions (S/MIME)

X.509 Digital Certificates (continued)

Trust Models
• Refers to the type of relationship that can exist between people or organizations
• In direct trust, a personal relationship exists between two individuals
• Third-party trust refers to a situation in which two individuals trust each other only because each individually trusts a third party
• The three different PKI trust models are based on direct and third-party trust

Trust Models (continued)

Trust Models (continued)
• The web of trust model is based on direct trust
• Single-point trust model is based on third-party trust
– A single CA directly issues and signs all certificates
• In a hierarchical trust model, the primary or root certificate authority issues and signs the certificates for the CAs below it, and those subordinate CAs issue the end-entity certificates

Managing Digital Certificates
• After a user decides to trust a CA, they can download the CA's digital certificate and public key and store them on their local computer
• Personal certificates are issued by a CA directly to individuals
• Typically used to secure e-mail transmissions through S/MIME and SSL/TLS

Managing Digital Certificates (continued)

Managing Digital Certificates (continued)
• Server certificates are issued to a Web server, FTP server, or mail server to ensure a secure transmission
• Software publisher certificates let publishers sign their programs so users can verify who published the code and that it has not been altered since; a valid signature does not by itself show that the program is safe
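An added example (not from the textbook) that ties the digital signature slides of Chapter 8 and this chapter to the hierarchical trust model above: textbook RSA signs a SHA-256 digest, a root CA signs a subordinate CA's certificate, the subordinate CA signs a user certificate, and the relying party validates the chain against its own trust store before accepting the user's signature. The 512-bit key size, the minimal certificate format, the CA and user names and the message are all assumptions of this example; real systems use larger keys, PKCS#1 padding and X.509 encoding.

```python
"""Toy RSA signatures and a certificate chain (root CA -> subordinate CA -> user).

Added example, not from the textbook slides; standard library only. Textbook RSA with 512-bit
keys, a SHA-256 digest and no padding keeps the math visible; real systems use larger keys,
PKCS#1 (PSS) padding and X.509 encoding. The names and message below are constructed.
"""
import hashlib
import json
import secrets


def is_probable_prime(n: int, rounds: int = 24) -> bool:   # Miller-Rabin
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1        # exact bit length, odd
        if is_probable_prime(c):
            return c

def generate_keypair(bits: int = 512) -> tuple:
    """(public, private): n = p*q and e*d = 1 mod (p-1)(q-1)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:                                    # e (prime) must not divide phi
            return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def sign(message: bytes, private: dict) -> int:
    """Signature = the message hash 'encrypted' with the signer's private key."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, private["d"], private["n"])

def verify(message: bytes, signature: int, public: dict) -> bool:
    """Anyone with the public key can check it; a changed message or the wrong key fails."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, public["e"], public["n"]) == h

def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode("utf-8")

def issue_certificate(subject: str, subject_pub: dict, issuer: str, issuer_priv: dict, is_ca: bool) -> dict:
    """Minimal certificate: subject, issuer, public key and CA flag, signed by the issuer."""
    body = {"subject": subject, "issuer": issuer, "n": subject_pub["n"], "e": subject_pub["e"], "ca": is_ca}
    return {"body": body, "signature": sign(_canonical(body), issuer_priv)}

def public_key_of(cert: dict) -> dict:
    return {"n": cert["body"]["n"], "e": cert["body"]["e"]}

def verify_chain(chain: list, trusted_roots: dict) -> bool:
    """chain = [end entity, ..., root]: each certificate must be signed by the next one, which must be
    flagged as a CA; the root must be self-signed and its key must come from the local trust store."""
    for i, cert in enumerate(chain):
        issuer = cert["body"]["issuer"]
        if i + 1 < len(chain):
            parent = chain[i + 1]
            if parent["body"]["subject"] != issuer or not parent["body"]["ca"]:
                return False
            issuer_pub = public_key_of(parent)
        elif issuer == cert["body"]["subject"] and issuer in trusted_roots:
            issuer_pub = trusted_roots[issuer]                    # trust comes from the store, not the chain
        else:
            return False
        if not verify(_canonical(cert["body"]), cert["signature"], issuer_pub):
            return False
    return True

def demo() -> dict:
    root_pub, root_priv = generate_keypair()
    sub_pub, sub_priv = generate_keypair()
    user_pub, user_priv = generate_keypair()
    root = issue_certificate("Example Root CA", root_pub, "Example Root CA", root_priv, True)
    sub = issue_certificate("Example Issuing CA", sub_pub, "Example Root CA", root_priv, True)
    user = issue_certificate("alice@example.test", user_pub, "Example Issuing CA", sub_priv, False)
    store = {"Example Root CA": root_pub}                         # installed by the relying party
    message = b"Transfer 500 to account 42"
    sig = sign(message, user_priv)
    return {
        "chain_ok": verify_chain([user, sub, root], store),
        "signature_ok": verify(message, sig, public_key_of(user)),
        "altered_ok": verify(b"Transfer 900 to account 42", sig, public_key_of(user)),
        "untrusted_root_ok": verify_chain([user, sub, root], {}),   # same chain, empty trust store
    }

if __name__ == "__main__":
    print(demo())   # chain_ok True, signature_ok True, altered_ok False, untrusted_root_ok False
```

The last two results are the ones that matter in practice: altering a single digit of the message invalidates the signature, and a perfectly well-formed chain is worthless to a relying party whose trust store does not contain the root, which is why installing (or being tricked into installing) a root certificate is such a sensitive operation.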

Certificate Policy (CP)
• Published set of rules that govern the operation of a PKI
• Begins with an opening statement outlining its scope
• Should cover at a minimum the topics listed on page 325 of the text

Certificate Practice Statement (CPS)
• More technical document compared to a CP
• Describes in detail how the CA uses and manages certificates
• Covers topics such as those listed on pages 325 and 326 of the text

Certificate Life Cycle
• Typically divided into four parts:
– Creation
– Revocation
– Expiration
– Suspension

Exploring Key Management
• Because keys form the very foundation of the algorithms in asymmetric and PKI systems, it is vital that they be carefully managed

Centralized and Decentralized Management
• Key management can either be centralized or decentralized
• An example of a decentralized key management system is the PKI web of trust model
• Centralized key management is the foundation for single-point trust models and hierarchical trust models, with keys being distributed by the CA

Key Storage
• It is possible to store public keys by embedding them within digital certificates
• This is a form of software-based storage and doesn't involve any cryptography hardware
• Another form of software-based storage involves storing private keys on the user's local computer

Key Storage (continued)
• Storing keys in hardware (such as a smart card or hardware security module) is an alternative to software-based keys
• Whether private keys are stored in hardware or software, it is important that they be adequately protected

Key Usage
• If you desire more security than a single set of public and private (single-dual) keys can offer, you can choose to use multiple pairs of dual keys
• One pair of keys may be used to encrypt information, and the private key of that pair could be backed up (escrowed) to another location so that encrypted data can still be recovered
• The second pair would be used only for digital signatures, and the private key in that pair would never be backed up, so that no one but its owner could ever have produced a signature

Key Handling Procedures
• Certain procedures can help ensure that keys are properly handled:
– Escrow
– Renewal
– Recovery
– Destruction
– Expiration
– Revocation
– Suspension

Summary
• One of the advantages of symmetric cryptography is that encryption and decryption using a private key is usually fast and easy to implement
• A digital signature solves the problem of authenticating the sender when using asymmetric cryptography
• With the number of different tools required for asymmetric cryptography, an organization can find itself implementing piecemeal solutions for different applications

Summary (continued)
• PKCS is a numbered set of standards that have been defined by RSA Laboratories since 1991
• The three PKI trust models are based on direct and third-party trust
• Digital certificates are managed through CPs and CPSs

Chapter 10: Operational Security
Security+ Guide to Network Security Fundamentals, Second Edition

Objectives
• Harden physical security with access controls
• Minimize social engineering
• Secure the physical environment
• Define business continuity
• Plan for disaster recovery

Hardening Physical Security with Access Controls
• Adequate physical security is one of the first lines of defense against attacks
• Protects equipment and the infrastructure itself
• Has one primary goal: to prevent unauthorized users from reaching equipment to use, steal, or vandalize it

Hardening Physical Security with Access Controls (continued)
• Configure an operating system to enforce access controls through an access control list (ACL), a table that defines the access rights each subject has to a folder or file
• Access control also refers to restricting physical access to computers or network devices

Controlling Access with Physical Barriers
• Most servers are rack-mounted servers
• A rack-mounted server is 1.75 inches (4.45 cm, one rack unit) tall and can be stacked with up to 50 other servers in a closely confined area
• Rack-mounted units are typically connected to a KVM (keyboard, video, mouse) switch, which in turn is connected to a single monitor, mouse, and keyboard

Controlling Access with Physical Barriers (continued)

Controlling Access with Physical Barriers (continued)

Controlling Access with Physical Barriers (continued)
• In addition to securing a device itself, you should also secure the room containing the device
• Two basic types of door locks require a key:
– A preset lock (key-in-knob lock) requires only a key for unlocking the door from the outside
– A deadbolt lock extends a solid metal bar into the door frame for extra security

Controlling Access with Physical Barriers (continued)
• Cipher locks are combination locks that use buttons you push in the proper sequence to open the door
• Can be programmed to allow only the codes of certain people to be valid on specific dates and times
• Basic models can cost several hundred dollars each, while advanced models can run much higher
• Users must be careful to conceal which buttons they push to avoid someone seeing the combination (shoulder surfing)
• To achieve the most security when using door locks, observe the good practices listed on pages 345 and 346 of the text

Controlling Access with Physical Barriers (continued)
• Other physical vulnerabilities should be addressed, including:
– Suspended ceilings
– HVAC ducts
– Exposed door hinges
– Insufficient lighting
– Dead-end corridors

Controlling Access with Biometrics
• Biometrics uses a person's unique characteristics to authenticate that person
• Some human characteristics used for identification include fingerprint, face, hand, iris, retina, and voice
• Many high-end biometric scanners are expensive, can be difficult to use, and can produce false positives (accepting unauthorized users, a false acceptance) or false negatives (rejecting authorized users, a false rejection)

Minimizing Social Engineering
• The best defenses against social engineering are a strong security policy along with adequate training
• An organization must establish clear and direct policies regarding what information can be given out and under what circumstances

Securing the Physical Environment
• Take steps to secure the environment itself to reduce the risk of attacks:
– Limiting the range of wireless data signals
– Shielding wired signals
– Controlling the environment
– Suppressing the risk of fires

Limiting Wireless Signal Range
• Use the following techniques to limit the wireless signal range:
– Relocate the access point
– Substitute 802.11a for 802.11b
– Add a directional antenna
– Reduce power
– Cover the device
– Modify the building

Shielding a Wired Signal
• The insulation and shielding that covers a copper cable does not always prevent a signal from leaking out, or an even stronger signal from affecting the data transmission on the cable
• This interference (noise) can be of several types
• Radio frequency interference (RFI) refers to interference caused by broadcast signals from a radio frequency (RF) transmitter, such as a commercial radio or television transmitter

Shielding a Wired Signal (continued)
• Electromagnetic interference (EMI) may be caused by a variety of sources
– A motor or another source of intense electrical activity can create an electromagnetic signal that interferes with a data signal
– EMI can also be caused by cellular telephones, citizens' band and police radios, fluorescent lights, small office or household appliances, or loose electrical connections

Shielding a Wired Signal (continued)
• The source of near end crosstalk (NEXT) interference is usually another data signal being transmitted on an adjacent wire pair
• Loss of signal strength over distance is known as attenuation
• Two types of defenses are commonly referenced for shielding a signal:
– Telecommunications Electronics Material Protected from Emanating Spurious Transmissions (TEMPEST)
– Faraday cage

Shielding a Wired Signal (continued)
• TEMPEST
– Classified standard developed by the US government to prevent attackers from picking up stray RFI and EMI signals from government buildings
• Faraday cage
– Metallic enclosure that prevents the entry or escape of an electromagnetic field
– Consists of a fine-mesh copper screening directly connected to an earth ground

Reducing the Risk of Fires
• In order for a fire to occur, four entities must be present at the same time:
– Sufficient oxygen to sustain the combustion
– Enough heat to raise the material to its ignition temperature
– Some type of fuel or combustible material
– A chemical reaction that is the fire itself

Reducing the Risk of Fires (continued)
• Refer to page 355 for the types of fires, their fuel sources, how they can be extinguished, and the types of handheld fire extinguishers that should be used
• Stationary fire suppression systems that integrate into the building's infrastructure and release a suppressant in the entire room are also used

Reducing the Risk of Fires (continued)
• Systems can be classified as:
– Water sprinkler systems that spray the room with pressurized water
– Dry chemical systems that disperse a fine, dry powder over the fire
– Clean agent systems that do not harm people, documents, or electrical equipment in the room

Understanding Business Continuity
• Process of assessing risks and developing a management strategy to ensure that business can continue if risks materialize
• Business continuity management is concerned with developing a business continuity plan (BCP) addressing how the organization can continue in the event that risks materialize

Understanding Business Continuity (continued)
• The basic steps in creating a BCP:
  – Understand the business
  – Formulate continuity strategies
  – Develop a response
  – Test the plan

Maintaining Utilities
• Disruption of utilities should be of primary concern for all organizations
• The primary utility that a BCP should address is electrical service
• An uninterruptible power supply (UPS) is an external device located between an outlet for electrical power and another device
  – Primary purpose is to continue to supply power if the electrical power fails

Maintaining Utilities (continued)
• A UPS can complete the following tasks:
  – Send a special message to the network administrator's computer, or page or telephone the network manager to indicate that the power has failed
  – Notify all users that they must finish their work immediately and log off
  – Prevent any new users from logging on
  – Disconnect users and shut down the server

Establishing High Availability through Fault Tolerance
• The ability to endure failures (fault tolerance) can keep systems available to an organization
• Prevents a single problem from escalating into a total disaster
• Can best be achieved by maintaining redundancy
• Fault-tolerant server hard drives are based on a standard known as Redundant Array of Independent Drives (RAID)

Creating and Maintaining Backups
• Data backups are an essential element in any BCP
• Backup software can internally designate which files have already been backed up by setting an archive bit in the properties of the file
• Four basic types of backups:
  – Full backup
  – Differential backup
  – Incremental backup
  – Copy backup

Creating and Maintaining Backups (continued)

Creating and Maintaining Backups (continued)
• Develop a strategy for performing backups to make sure you are storing the data your organization needs
• A grandfather-father-son backup system divides backups into three sets:
  – A daily backup (son)
  – A weekly backup (father)
  – A monthly backup (grandfather)
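The archive-bit behaviour that distinguishes the four backup types, and the set of backups a restore then needs, as an added example (not code from the book; the in-memory file system and the week's changes are constructed sample data):

```python
"""Archive-bit semantics of the four backup types and the restore chain each
strategy produces (added example; the file system below is constructed)."""
from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    version: int = 1
    archive_bit: bool = True      # the OS sets the bit whenever a file changes


@dataclass
class BackupSet:
    kind: str
    files: dict = field(default_factory=dict)   # file name -> version captured


def modify(fs: dict, name: str) -> None:
    """Simulate a write: bump the version and set the archive bit."""
    f = fs.setdefault(name, File(name, version=0))
    f.version += 1
    f.archive_bit = True


def backup(fs: dict, kind: str) -> BackupSet:
    """Run one backup. full/copy take every file; incremental/differential take
    only files whose archive bit is set. Only full and incremental clear it."""
    if kind not in ("full", "incremental", "differential", "copy"):
        raise ValueError(f"unknown backup type: {kind}")
    selected = [f for f in fs.values()
                if kind in ("full", "copy") or f.archive_bit]
    bs = BackupSet(kind, {f.name: f.version for f in selected})
    if kind in ("full", "incremental"):
        for f in selected:
            f.archive_bit = False
    return bs


def restore_chain(history: list) -> list:
    """Backup sets needed to rebuild the latest state, oldest first.

    Start from the most recent full backup, then every incremental after it,
    or only the newest differential after it. Copy backups never take part in
    the rotation. Mixing the two daily strategies is rejected to keep the rule
    simple (an assumption of this example, not a rule from the book).
    """
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    after = [b for b in history[last_full + 1:] if b.kind != "copy"]
    kinds = {b.kind for b in after}
    if kinds == {"incremental", "differential"}:
        raise ValueError("mixed incremental/differential rotation")
    if "differential" in kinds:
        return [history[last_full], after[-1]]
    return [history[last_full]] + after


def apply_restore(chain: list) -> dict:
    """Replay the chain in order; later sets overwrite earlier versions.
    Deleted files are not tracked in this model."""
    state = {}
    for b in chain:
        state.update(b.files)
    return state


def run_week(daily_kind: str):
    """Sunday full backup, then one change and one daily backup on Monday and
    on Tuesday. Returns the file system and the backup history."""
    fs = {"a": File("a"), "b": File("b"), "c": File("c")}
    history = [backup(fs, "full")]
    modify(fs, "a")
    history.append(backup(fs, daily_kind))
    modify(fs, "b")
    history.append(backup(fs, daily_kind))
    return fs, history


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        _, hist = run_week(kind)
        print(kind, [b.files for b in hist],
              "restore needs", [b.kind for b in restore_chain(hist)])
```

The incremental week stores less per day but needs every daily set to restore; the differential week stores more per day but restores from the full set plus the newest differential only.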

Creating and Maintaining Backups (continued)

Planning for Disaster Recovery
• Business continuity is concerned with addressing anything that could affect the continuation of service
• Disaster recovery is more narrowly focused on recovering from major disasters that could cease operations for an extended period of time
• Preparing for disaster recovery always involves having a plan in place

Creating a Disaster Recovery Plan (DRP)
• A DRP is different from a business continuity plan
• Typically addresses what to do if a major catastrophe occurs that could cause the organization to cease functioning
• Should be a detailed document that is updated regularly
• All DRPs are different, but they should address the common features shown in the outline on pages 367 and 368 of the text

Identifying Secure Recovery
• Major disasters may require that the organization temporarily move to another location
• Three basic types of alternate sites are used during or directly after a disaster:
  – Hot site
  – Cold site
  – Warm site

Identifying Secure Recovery (continued)
• A hot site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity
• A cold site provides office space, but the customer must provide and install all equipment needed to continue operations
• A warm site has all equipment installed but does not have active Internet or telecommunications facilities

Protecting Backups
• Data backups must be protected from theft and normal environmental elements
• Tape backups should be protected against strong magnetic fields, which can destroy a tape
• Be sure backup tapes are located in a secure environment that is adequately protected

Summary
• Adequate physical security is one of the first lines of defense against attacks
• Physical security involves restricting access with access controls, minimizing social engineering attacks, and securing the environment and infrastructure
• Business continuity is the process of assessing risks and developing a management strategy to ensure that business can continue if risks materialize

Summary (continued)
• Disaster recovery is focused on recovering from major disasters that could potentially cause the organization to cease operations for an extended period of time
• A DRP typically addresses what to do if a major catastrophe occurs that could cause the organization to cease functioning

Chapter 11: Policies and Procedures
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Define the security policy cycle
• Explain risk identification
• Design a security policy
• Define types of security policies
• Define compliance monitoring and evaluation

Understanding the Security Policy Cycle
• First part of the cycle is risk identification
• Risk identification seeks to determine the risks that an organization faces against its information assets
• That information becomes the basis of developing a security policy
• A security policy is a document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure

Understanding the Security Policy Cycle (continued)

Reviewing Risk Identification
• First step in the security policy cycle is to identify risks
• Involves four steps:
  – Inventory the assets
  – Determine what threats exist against the assets and by which threat agents
  – Investigate whether vulnerabilities exist that can be exploited
  – Decide what to do about the risks

Reviewing Risk Identification (continued)

Asset Identification
• An asset is any item with a positive economic value
• Many types of assets, classified as follows:
  – Physical assets
  – Software
  – Personnel
  – Data
  – Hardware

Asset Identification (continued)
• Along with the assets, attributes of the assets need to be compiled
• After an inventory of assets has been created and their attributes identified, the next step is to determine each item's relative value
• Factors to be considered in determining the relative value are listed on pages 386 and 387 of the text

Threat Identification
• A threat is not limited to those from attackers, but also includes acts of God, such as fire or severe weather
• Threat modeling constructs scenarios of the types of threats that assets can face
• The goal of threat modeling is to better understand who the attackers are, why they attack, and what types of attacks may occur

Threat Identification (continued)
• A valuable tool used in threat modeling is the construction of an attack tree
• An attack tree provides a visual image of the attacks that may occur against an asset

Threat Identification (continued)

Vulnerability Appraisal
• After assets have been inventoried and prioritized and the threats have been explored, the next question becomes: what current security weaknesses may expose the assets to these threats?
• Vulnerability appraisal takes a current snapshot of the security of the organization as it now stands

Vulnerability Appraisal (continued)
• To assist with determining vulnerabilities of hardware and software assets, use vulnerability scanners
• These tools, available as free Internet downloads and as commercial products, compare the asset against a database of known vulnerabilities and produce a discovery report that exposes the vulnerability and assesses its severity

Risk Assessment
• Final step in identifying risks is to perform a risk assessment
• Risk assessment involves determining the likelihood that the vulnerability is a risk to the organization
• Each vulnerability can be ranked by the scale
• Sometimes calculating anticipated losses can be helpful in determining the impact of a vulnerability

Risk Assessment (continued)
• Formulas commonly used to calculate expected losses are:
  – Single Loss Expectancy
  – Annualized Loss Expectancy

Risk Assessment (continued)
• An organization has three options when confronted with a risk:
  – Accept the risk
  – Diminish the risk
  – Transfer the risk
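The two expected-loss formulas carried through to the accept/diminish/transfer decision, as an added example (not the book's code). SLE = AV x EF and ALE = SLE x ARO are the standard definitions behind the names on the slide; every asset value, exposure factor, rate, control cost and premium below is a constructed figure.

```python
"""Expected-loss arithmetic for a risk assessment (added example)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float       # AV: what the asset is worth
    exposure_factor: float   # EF: fraction of AV lost in one incident (0..1)
    aro: float               # ARO: expected incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy: cost of one occurrence."""
        return round(self.asset_value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualized Loss Expectancy: expected cost per year."""
        return round(self.sle() * self.aro, 2)


def rank_risks(risks) -> list:
    """Highest ALE first: the order in which a policy should address them."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


def with_control(risk: Risk, new_ef=None, new_aro=None) -> Risk:
    """The same risk after a safeguard lowers its EF and/or ARO."""
    return replace(
        risk,
        exposure_factor=risk.exposure_factor if new_ef is None else new_ef,
        aro=risk.aro if new_aro is None else new_aro,
    )


def control_value(risk: Risk, annual_cost: float,
                  new_ef=None, new_aro=None) -> float:
    """Net annual benefit of a safeguard: ALE reduction minus its annual cost.
    Negative means the control costs more than the loss it prevents."""
    residual = with_control(risk, new_ef, new_aro).ale()
    return round(risk.ale() - residual - annual_cost, 2)


def choose_treatment(risk: Risk, control_cost: float, premium: float,
                     new_ef=None, new_aro=None) -> tuple:
    """Compare the three options on expected annual outlay:
    accept = ALE; diminish = control cost + residual ALE; transfer = premium
    (insurance assumed to cover the full loss). Returns (option, cost)."""
    options = {
        "accept": risk.ale(),
        "diminish": round(control_cost + with_control(risk, new_ef, new_aro).ale(), 2),
        "transfer": premium,
    }
    best = min(options, key=options.get)
    return best, options[best]


# Constructed sample risk register
DEFACEMENT = Risk("web server defacement", asset_value=50_000, exposure_factor=0.2, aro=2.0)
SERVER_FIRE = Risk("file server fire", asset_value=200_000, exposure_factor=0.75, aro=0.1)
LAPTOP_THEFT = Risk("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=4.0)
RISKS = [LAPTOP_THEFT, SERVER_FIRE, DEFACEMENT]

if __name__ == "__main__":
    for r in rank_risks(RISKS):
        print(f"{r.name:24s} SLE={r.sle():>10,.2f}  ALE={r.ale():>10,.2f}")
    # Disk encryption on laptops (assumed EF 1.0 -> 0.3) versus insurance
    print(choose_treatment(LAPTOP_THEFT, control_cost=2_000, premium=7_000, new_ef=0.3))
```

Note how a large single loss (the fire, SLE 150,000) can still rank below a cheap but frequent one (defacement, SLE 10,000) once the annual rate is applied.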

Designing the Security Policy
• Designing a security policy is the logical next step in the security policy cycle
• After risks are clearly identified, a policy is needed to mitigate what the organization decides are the most important risks

What Is a Security Policy?
• A policy is a document that outlines specific requirements or rules that must be met
  – Has the characteristics listed on page 393 of the text
  – Correct vehicle for an organization to use when establishing information security
• A standard is a collection of requirements specific to the system or procedure that must be met by everyone
• A guideline is a collection of suggestions that should be implemented

Balancing Control and Trust
• To create an effective security policy, two elements must be carefully balanced: trust and control
• Three models of trust:
  – Trust everyone all of the time
  – Trust no one at any time
  – Trust some people some of the time

Designing a Policy
• When designing a security policy, you can consider a standard set of principles
• These can be divided into what a policy must do and what a policy should do

Designing a Policy (continued)

Designing a Policy (continued)
• Security policy design should be the work of a team and not one or two technicians
• The team should have these representatives:
  – Senior level administrator
  – Member of management who can enforce the policy
  – Member of the legal staff
  – Representative from the user community

Elements of a Security Policy
• Because security policies are formal documents that outline acceptable and unacceptable employee behavior, legal elements are often included in these documents
• The three most common elements:
  – Due care
  – Separation of duties
  – Need to know

Elements of a Security Policy (continued)

Due Care
• Term used frequently in legal and business settings
• Defined as obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them

Separation of Duties
• Key element in internal controls
• Means that one person's work serves as a complementary check on another person's
• No one person should have complete control over any action from initialization to completion

Need to Know
• One of the best methods to keep information confidential is to restrict who has access to that information
• Only that employee whose job function depends on knowing the information is provided access

Types of Security Policies
• Umbrella term for all of the subpolicies included within it
• In this section, you examine some common security policies:
  – Acceptable use policy
  – Human resource policy
  – Password management policy
  – Privacy policy
  – Disposal and destruction policy
  – Service-level agreement

Types of Security Policies (continued)

Types of Security Policies (continued)

Types of Security Policies (continued)

Acceptable Use Policy (AUP)
• Defines what actions users of a system may perform while using computing and networking equipment
• Should have an overview regarding what is covered by this policy
• Unacceptable use should also be outlined

Human Resource Policy
• Policies of the organization that address human resources
• Should include statements regarding how an employee's information technology resources will be addressed

Password Management Policy
• Although passwords often form the weakest link in information security, they are still the most widely used
• A password management policy should clearly address how passwords are managed
• In addition to controls that can be implemented through technology, users should be reminded of how to select and use passwords

Privacy Policy
• Privacy is of growing concern among today's consumers
• Organizations should have a privacy policy that outlines how the organization uses information it collects

Disposal and Destruction Policy
• A disposal and destruction policy that addresses the disposing of resources is considered essential
• The policy should cover how long records and data will be retained
• It should also cover how to dispose of them

Service-Level Agreement (SLA) Policy
• Contract between a vendor and an organization for services
• Typically contains the items listed on page 403

Understanding Compliance Monitoring and Evaluation
• The final process in the security policy cycle is compliance monitoring and evaluation
• Some of the most valuable analysis occurs when an attack penetrates the security defenses
• A team must respond to the initial attack and reexamine security policies that address the vulnerability to determine what changes need to be made to prevent its reoccurrence

Incidence Response Policy
• Outlines actions to be performed when a security breach occurs
• Most policies outline the composition of an incidence response team (IRT)
• Should be composed of individuals from:
  – Senior management
  – Corporate counsel
  – Public relations
  – IT personnel
  – Human resources

Incidence Response Policy (continued)

Ethics Policy
• Codes of ethics by external agencies have encouraged their membership to adhere to strict ethical behavior within their profession
• Codes of ethics for IT professionals are available from the Institute of Electrical and Electronics Engineers (IEEE) and the Association for Computing Machinery (ACM), among others
• Main purpose of an ethics policy is to state the values, principles, and ideals each member of an organization must agree to

Summary
• The security policy cycle defines the overall process for developing a security policy
• There are four steps in risk identification:
  – Inventory the assets and their attributes
  – Determine what threats exist against the assets and by which threat agents
  – Determine whether vulnerabilities exist that can be exploited by surveying the current security infrastructure
  – Make decisions regarding what to do about the risks

Summary (continued)
• A security policy development team should be formed to create the information security policy
• An incidence response policy outlines actions to be performed when a security breach occurs
• A policy addressing ethics can also be formulated by an organization

Chapter 12: Security Management
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Define identity management
• Harden systems through privilege management
• Plan for change management
• Define digital rights management
• Acquire effective training and education

Understanding Identity Management
• Identity management attempts to address problems and security vulnerabilities associated with users identifying and authenticating themselves across multiple accounts
• Solution may be found in identity management
  – A user's single authenticated ID is shared across multiple networks or online businesses

Understanding Identity Management (continued)

Understanding Identity Management (continued)
• Four key elements:
  – Single sign-on (SSO)
  – Password synchronization
  – Password resets
  – Access management

Understanding Identity Management (continued)
• SSO allows a user to log on one time to a network or system and access multiple applications and systems based on that single password
• Password synchronization also permits a user to use a single password to log on to multiple servers
  – Instead of keeping a repository of user credentials, password synchronization ensures the password is the same for every application to which a user logs on

Understanding Identity Management (continued)
• Password resets reduce costs associated with password-related help desk calls
  – Identity management systems let users reset their own passwords and unlock their accounts without relying on the help desk
• Access management software controls who can access the network while managing the content and business that users can perform while online

Hardening Systems Through Privilege Management
• Privilege management attempts to simplify assigning and revoking access control (privileges) to users

Responsibility
• Responsibility can be centralized or decentralized
• Consider a chain of fast-food restaurants
  – Each location could have complete autonomy: it can decide whom to hire, how much to pay employees, what time to close, and what brand of condiments to use
  – This decentralized approach has several advantages, including flexibility
  – Alternatively, a national headquarters tells each restaurant exactly what to sell, when to open, and what uniforms to wear (centralized approach)

Responsibility (continued)
• Responsibility for privilege management can likewise be either centralized or decentralized
• In a centralized structure, one unit is responsible for all aspects of assigning or revoking privileges
• A decentralized organizational structure delegates authority for assigning or revoking privileges to smaller units, such as empowering each location to hire a network administrator to manage privileges

Assigning Privileges
• Privileges can be assigned by:
  – The user
  – The group to which the user belongs
  – The role that the user assumes in the organization

User Privileges
• If privileges are assigned by user, the needs of each user should be closely examined to determine what privileges they need over which objects
• When assigning privileges on this basis, the best approach is to have a baseline security template that applies to all users and then modify as necessary

Group Privileges
• Instead of assigning privileges to each user, a group can be created and privileges assigned to the group
• As users are added to the group, they inherit those privileges

Role Privileges
• Instead of setting permissions for each user or group, you can assign permissions to a position or role and then assign users and other objects to that role
• The users inherit all permissions for the role

Auditing Privileges
• You should regularly audit the privileges that have been assigned
• Without auditing, it is impossible to know if users have been given too many unnecessary privileges and are creating security vulnerabilities

Usage Audit
• Process of reviewing activities a user has performed on the system or network
• Provides a detailed history of every action, the date and time, the name of the user, and other information

Usage Audits (continued)

Privilege Audit
• Reviews privileges that have been assigned to a specific user, group, or role
• Begins by developing a list of the expected privileges of a user

Escalation Audits
• Reviews of usage audits to determine if privileges have unexpectedly escalated
• Privilege escalation attack: an attacker attempts to escalate her privileges without permission
• Certain programs on Mac OS X use a special area in memory called an environment variable to determine where to write certain information

Planning for Change Management
• Change management refers to a methodology for making changes and keeping track of those changes
• Change management involves identifying changes that should be documented and then producing that documentation

Change Management Procedures
• Because changes can affect all users, and uncoordinated changes can result in unscheduled service interruptions, many organizations create a Change Management Team (CMT) to supervise the changes
• Duties of the CMT include those listed on page 427
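How privileges assigned to a baseline template, to a user directly, to a group and to a role combine into one user's effective privileges, and how a privilege audit compares that against the expected list. This is an added example covering the Group Privileges, Role Privileges and Privilege Audit slides; it is not code from the book, and the directory contents (users alice and bob, group finance, role auditor, the file names) are constructed.

```python
"""Effective privileges and a privilege audit (added example; constructed data)."""
from dataclasses import dataclass, field

# A privilege is an (object, right) pair, e.g. ("ledger.db", "write")


@dataclass
class Directory:
    baseline: set = field(default_factory=set)        # template for all users
    user_privs: dict = field(default_factory=dict)    # user -> set of privileges
    groups: dict = field(default_factory=dict)        # group -> set of users
    group_privs: dict = field(default_factory=dict)   # group -> set of privileges
    roles: dict = field(default_factory=dict)         # role -> set of users
    role_privs: dict = field(default_factory=dict)    # role -> set of privileges

    def privilege_sources(self, user: str) -> dict:
        """Map each effective privilege to every place it is inherited from."""
        sources = {}

        def add(privs, label):
            for p in privs:
                sources.setdefault(p, []).append(label)

        add(self.baseline, "baseline")
        add(self.user_privs.get(user, set()), "user")
        for g, members in self.groups.items():
            if user in members:
                add(self.group_privs.get(g, set()), f"group:{g}")
        for r, members in self.roles.items():
            if user in members:
                add(self.role_privs.get(r, set()), f"role:{r}")
        return sources

    def effective_privileges(self, user: str) -> set:
        return set(self.privilege_sources(user))


def privilege_audit(d: Directory, user: str, expected: set) -> dict:
    """Compare what the user actually holds with what the job requires.
    Excess privileges are reported with their source so they can be revoked
    in the right place; missing ones show where the template is too tight."""
    sources = d.privilege_sources(user)
    actual = set(sources)
    return {
        "excess": {p: sources[p] for p in sorted(actual - expected)},
        "missing": expected - actual,
    }


def sample_directory() -> Directory:
    """Constructed scenario: alice moved from the finance group into the
    auditor role but was never removed from the group."""
    d = Directory(baseline={("home", "read"), ("home", "write")})
    d.user_privs["alice"] = {("payroll.xlsx", "read")}
    d.groups["finance"] = {"alice", "bob"}
    d.group_privs["finance"] = {("ledger.db", "read"), ("ledger.db", "write")}
    d.roles["auditor"] = {"alice"}
    d.role_privs["auditor"] = {("audit.log", "read"), ("ledger.db", "read")}
    return d


# Expected privilege lists, the starting point of a privilege audit
EXPECTED_ALICE = {("home", "read"), ("home", "write"), ("payroll.xlsx", "read"),
                  ("audit.log", "read"), ("ledger.db", "read")}
EXPECTED_BOB = {("home", "read"), ("home", "write"), ("ledger.db", "read"),
                ("ledger.db", "write"), ("expenses.csv", "write")}

if __name__ == "__main__":
    d = sample_directory()
    for user, expected in (("alice", EXPECTED_ALICE), ("bob", EXPECTED_BOB)):
        print(user, privilege_audit(d, user, expected))
```

The audit flags alice's leftover write access to the ledger, and names the group it comes from; an auditor who can also write the ledger is exactly the separation-of-duties failure the policy elements earlier in the chapter are meant to prevent.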

Change Management Procedures (continued)
• Process normally begins with a user or manager completing a Change Request form
• Although these forms vary widely, they usually include the information shown on pages 427 and 428 of the text

Changes That Should Be Documented
• Although change management involves all types of changes to information systems, two major types of security changes need to be properly documented
• First, any change in system architecture, such as new servers, routers, or other equipment being introduced into the network

Changes That Should Be Documented (continued)
• Other changes that affect the security of the organization should also be documented:
  – Changes in user privileges
  – Changes in the configuration of a network device
  – Deactivation of network devices
  – Changes in client computer configurations
  – Changes in security personnel

Documenting Changes
• Decisions must be made regarding how long the documentation should be retained after it is updated
• Some security professionals recommend all documentation be kept for at least three years after any changes are made
• At the end of that time, documentation should be securely shredded or disposed of so that it cannot be reproduced

Understanding Digital Rights Management (DRM)
• Most organizations go to great lengths to establish a security perimeter around a network or system to prevent attackers from accessing information
• Information security can also be enhanced by building a security fence around the information itself
• Goal of DRM is to provide another layer of security: an attacker who can break into a network still faces another hurdle in trying to access the information itself

Content Providers
• Data theft is usually associated with stealing an electronic document from a company or credit card information from a consumer
• Another type of electronic thievery is illegal electronic duplication and distribution of intellectual property, which includes books, plays, music, paintings, and photographs
  – Considered theft because it deprives the creator or owner of the property of compensation for their work (known as royalties)

Enterprise Document Protection
• Protecting documents through DRM can be accomplished at one of two levels
• First level is file-based DRM, which focuses on protecting the content of a single file
  – Most document-creation software now allows a user to determine the rights that the reader of the document may have
  – Restrictions can be contained in metadata (information about a document)

Enterprise Document Protection (continued)
• Server-based DRM is a more comprehensive approach
  – Server-based products can be integrated with Lightweight Directory Access Protocol (LDAP) for authentication and can provide access to groups of users based on their privileges

Enterprise Document Protection (continued)

Acquiring Effective Training and Education
• Organizations should provide education and training at set times and on an ad hoc basis
• Opportunities for security education and training:
  – New employee is hired
  – Employee is promoted or given new responsibilities
  – New user software is installed
  – User hardware is upgraded
  – Aftermath of an infection by a worm or virus
  – Annual department retreats

How Learners Learn
• Learning involves communication: a person, or material developed by a person, is communicated to a receiver
• In the United States, generation traits influence how people learn
• Also understand that the way you were taught may not be the best way to teach others

How Learners Learn (continued)

How Learners Learn (continued)
• Most individuals were taught using a pedagogical approach
• Adult learners prefer an andragogical approach

How Learners Learn (continued)

Available Resources
• Seminars and workshops are a good means of learning the latest technologies and networking with other security professionals in the area
• Print media is another resource for learning content
• The Internet contains a wealth of information that can be used on a daily basis to keep informed about new attacks and trends

Summary
• Identity management provides a framework in which a single authenticated ID is shared across multiple networks or online businesses
• Privilege management attempts to simplify assigning and revoking access control to users
• Change management refers to a methodology for making and keeping track of changes

Summary (continued)
• In addition to a security perimeter around a network or system, prevent attackers from accessing information by building a security fence around the information itself
• Education is an essential element of a security infrastructure

Chapter 13: Advanced Security and Beyond
Security+ Guide to Network Security Fundamentals Second Edition

Objectives
• Define computer forensics
• Respond to a computer forensics incident
• Harden security through new solutions
• List information security jobs and skills

Understanding Computer Forensics
• Computer forensics can attempt to retrieve information—even if it has been altered or erased—that can be used in the pursuit of the criminal
• The interest in computer forensics is heightened by:
  – High amount of digital evidence
  – Increased scrutiny by the legal profession
  – Higher level of computer skills by criminals

Forensics Opportunities and Challenges
• Computer forensics creates opportunities to uncover evidence impossible to find using a manual process
• One reason that computer forensics specialists have this opportunity is the persistence of evidence
  – Electronic documents are more difficult to dispose of than paper documents

Forensics Opportunities and Challenges (continued)
• Ways computer forensics is different from standard investigations:
  – Volume of electronic evidence
  – Distribution of evidence
  – Dynamic content
  – False leads
  – Encrypted evidence
  – Hidden evidence

Responding to a Computer Forensics Incident
• Generally involves four basic steps similar to those of standard forensics:
  – Secure the crime scene
  – Collect the evidence
  – Establish a chain of custody
  – Examine and preserve the evidence

Securing the Crime Scene
• Physical surroundings of the computer should be clearly documented
• Photographs of the area should be taken before anything is touched
• Cables connected to the computer should be labeled to document the computer's hardware components and how they are connected
• Team takes custody of the entire computer along with the keyboard and any peripherals

Preserving the Data
• Computer forensics team first captures any volatile data that would be lost when the computer is turned off and moves the data to a secure location
• Includes any data not recorded in a file on the hard drive or an image backup:
  – Contents of RAM
  – Current network connections
  – Logon sessions
  – Network configurations
  – Open files

Preserving the Data (continued)
• After retrieving volatile data, the team focuses on the hard drive
• Mirror image backup (or bit-stream backup) is an evidence-grade backup because its accuracy meets evidence standards
• Mirror image backups are considered a primary key to uncovering evidence; they create exact replicas of the computer contents at the crime scene
• Mirror image backups must meet the criteria shown on pages 452 and 453 of the text

Establishing the Chain of Custody
• As soon as the team begins its work, it must start and maintain a strict chain of custody
• Chain of custody documents that evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence

Examining Data for Evidence
• After a computer forensics expert creates a mirror image of the system, the original system should be secured and the mirror image examined to reveal evidence
• All exposed data should be examined for clues
• Hidden clues can be mined and exposed as well
• Microsoft Windows operating systems use the Windows page file as a "scratch pad" to write data when sufficient RAM is not available

Examining Data for Evidence (continued)
• Slack is another source of hidden data
• Windows computers use two types of slack
• RAM slack: pertains only to the last sector of a file; it is the space between the end of the file's data and the end of that sector (early versions of Windows padded it with whatever happened to be in RAM, hence the name; later versions write zeros there instead)
• If additional sectors are needed to round out the block size for the last cluster assigned to the file, a different type of slack is created
• File slack (sometimes called drive slack): the sectors of the last cluster that hold none of the file's data; Windows does not overwrite them, so they still contain whatever data was previously stored on that part of the hard drive
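To make the two kinds of slack concrete, the following added example (not from the textbook) computes where RAM slack and file slack fall for a file of a given size, emulates how the operating system writes a file into a cluster that previously held a deleted file, and then carves both slack regions back out of the "disk". The geometry (512-byte sectors, four sectors per cluster) and all disk contents are assumptions chosen for the demonstration; the `pad` argument models the zero-filling of the last sector that modern Windows does, and an older system that padded from RAM would leak memory contents in that region instead.

```python
"""Added example: computing and carving RAM slack and file slack.
Geometry (512-byte sectors, 4 sectors per cluster) and all disk contents
are constructed for illustration; they are not from the textbook."""
SECTOR = 512
CLUSTER = 4 * SECTOR      # assumed cluster size


def slack_layout(file_size: int, sector: int = SECTOR, cluster: int = CLUSTER):
    """Return (clusters allocated, RAM slack bytes, file slack bytes).

    RAM slack  = unused tail of the last sector that holds file data.
    File slack = whole sectors of the last cluster that hold no file data.
    """
    if file_size == 0:                      # empty file: no cluster, no slack
        return 0, 0, 0
    clusters = -(-file_size // cluster)     # ceiling division
    data_sectors = -(-file_size // sector)
    ram_slack = data_sectors * sector - file_size
    file_slack = clusters * cluster - data_sectors * sector
    return clusters, ram_slack, file_slack


def write_file(disk: bytearray, first_cluster: int, data: bytes, pad: bytes = b"\x00") -> None:
    """Emulate how the OS writes a file: whole sectors are written and the
    last sector's tail is padded with `pad` (zeros on modern Windows).
    Sectors of the last cluster beyond the data are never touched."""
    data_sectors = -(-len(data) // SECTOR)
    padded = data.ljust(data_sectors * SECTOR, pad)
    start = first_cluster * CLUSTER
    disk[start:start + len(padded)] = padded


def carve_slack(disk: bytes, first_cluster: int, file_size: int):
    """Return (ram_slack, file_slack) for the file starting at first_cluster."""
    _, ram_len, file_len = slack_layout(file_size)
    data_end = first_cluster * CLUSTER + file_size
    ram = bytes(disk[data_end:data_end + ram_len])
    fslack = bytes(disk[data_end + ram_len:data_end + ram_len + file_len])
    return ram, fslack


# Constructed scenario: cluster 0 previously held a deleted 2048-byte file
# whose four sectors are labelled so we can see which ones survive.
OLD_FILE = b"".join(
    f"OLDSEC{i}: deleted salary list ".encode().ljust(SECTOR, b"-") for i in range(4)
)
NEW_FILE = b"N" * 700      # a 700-byte file written into the same cluster


def demo():
    """Overwrite the old cluster with the new file and carve the slack."""
    disk = bytearray(OLD_FILE)             # a one-cluster "disk" holding the old content
    write_file(disk, 0, NEW_FILE)
    return carve_slack(bytes(disk), 0, len(NEW_FILE))


if __name__ == "__main__":
    print("layout for a 700-byte file:", slack_layout(700))
    ram, fslack = demo()
    print("RAM slack:", len(ram), "bytes, all zero:", not any(ram))
    print("file slack:", len(fslack), "bytes, begins with:", fslack[:32])
```

With a 700-byte file the data occupies two sectors, the RAM slack is the 324 zero bytes after it, and the remaining two sectors of the cluster (the file slack) still carry the deleted file's text, which is exactly the kind of hidden data the slide refers to.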

Hardening Security Through New Solutions
• Number of attacks reported, sophistication of attacks, and speed at which they spread continue to grow
• Recent attacks include characteristics listed on pages 457 and 458 of the text
• Defenders are responding to the increase in the level and number of attacks
• New techniques and security devices are helping to defend networks and systems
• The most recent developments and announcements are listed on pages 458 and 459 of the text

Exploring Information Security Jobs and Skills
• Need for information security workers will continue to grow for the foreseeable future
• Information security personnel are in short supply; those in the field are being rewarded well
• Security budgets have been spared the drastic cost-cutting that has plagued IT since 2001
• Companies recognize the high costs associated with weak security and have decided that prevention outweighs cleanup

Exploring Information Security Jobs and Skills (continued)
• Most industry experts agree security certifications continue to be important
• Preparing for the Security+ certification will help you solidify your knowledge and skills in cryptography, firewalls, and other important security defenses

TCP/IP Protocol Suite
• One of the most important skills is a strong knowledge of the foundation upon which network communications rests, namely Transmission Control Protocol/Internet Protocol (TCP/IP)
• Understanding TCP/IP concepts helps you effectively troubleshoot computer network problems and diagnose possible anomalous behavior on a network

Packets
• No matter how clever the attacker is, they still must send their attack to your computer in a packet
• To recognize the abnormal, you must first understand what is normal

Firewalls
• Firewalls are essential tools on all networks and often provide a first layer of defense
• Network security personnel should have a strong background in how firewalls work, how to create access control lists (ACLs) to mirror the organization's security policy, and how to tweak ACLs to balance security with employee access

Routers
• Routers form the heart of a TCP/IP network
• Configuring routers for both packet transfer and packet filtering can become very involved

Intrusion-Detection Systems (IDS)
• Security professionals should know how to administer and maintain an IDS
• Capabilities of these systems have increased dramatically since they were first introduced, making them mandatory for today's networks
• One problem is that an IDS can produce an enormous amount of data that requires checking
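The Firewalls and Routers slides above turn on one mechanism: an ordered list of ACL rules evaluated first match wins, with an implicit deny when nothing matches. The example below is added here and is not from the textbook or any vendor's software. It models that evaluation over constructed packets, encodes a small policy (the world may reach a DMZ web server on 80/443, internal hosts may query the DMZ resolver, everything else is dropped), and adds the check a practitioner most often wants when "tweaking" an ACL: finding rules that can never fire because an earlier rule shadows them. The addresses, rule set and packets are invented; the `Rule` and `Packet` types are the example's own, not a real firewall's API.

```python
"""Added example: a minimal first-match packet filter with an implicit
deny, plus a check for rules shadowed by earlier ones. Addresses, rules
and packets are constructed for the demonstration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int = 0   # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            (self.proto == "any" or self.proto == p.proto)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
        )


def evaluate(acl, packet: Packet) -> str:
    """First matching rule decides; if nothing matches, deny (the implicit
    deny at the end of a Cisco-style ACL)."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action
    return "deny"


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet `later` could match is already matched by `earlier`."""
    return (
        (earlier.proto == "any" or earlier.proto == later.proto)
        and ip_network(later.src).subnet_of(ip_network(earlier.src))
        and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
        and (earlier.dport is None or earlier.dport == later.dport)
    )


def shadowed_rules(acl) -> list:
    """Indices of rules that can never fire. A shadowed rule usually means
    the ACL no longer implements the policy its author intended."""
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed policy: anyone may reach the DMZ web server on 80/443, internal
# hosts may query the DMZ resolver, and everything else falls to implicit deny.
WEB, DNS = "203.0.113.10/32", "203.0.113.53/32"
POLICY_ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", WEB, 80),
    Rule("permit", "tcp", "0.0.0.0/0", WEB, 443),
    Rule("permit", "udp", "10.0.0.0/8", DNS, 53),
]
# The same rules behind a careless "permit any any": it swallows every packet,
# the three policy rules become dead, and SSH to the web server is allowed.
BROKEN_ACL = [Rule("permit", "any", "0.0.0.0/0", "0.0.0.0/0")] + POLICY_ACL

if __name__ == "__main__":
    ssh = Packet("198.51.100.7", "203.0.113.10", "tcp", 22)
    print("policy ACL, SSH to web server:", evaluate(POLICY_ACL, ssh))
    print("broken ACL, SSH to web server:", evaluate(BROKEN_ACL, ssh))
    print("broken ACL, shadowed rule indices:", shadowed_rules(BROKEN_ACL))
```

Running `shadowed_rules` over a change before it is pushed catches the most common ACL mistake (a broad permit inserted above the specific rules) without having to reason about every packet by hand; the stateless model here ignores connection state and IPv6, which a real firewall would also have to handle.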

Other Skills
• A programming background is another helpful tool for security workers
• Security workers should also be familiar with penetration testing
– Once known as "ethical hacking," it probes vulnerabilities in systems, networks, and applications

Computer Forensic Skills
• Computer forensic specialists require an additional level of training and skills:
– Basic forensic examinations
– Advanced forensic examinations
– Incident responder skills
– Managing computer investigations

Summary
• Forensic science is the application of science to questions of interest to the legal profession
• Several unique opportunities give computer forensics the ability to uncover evidence that would be extremely difficult to find using a manual process
• Computer forensics also has a unique set of challenges that are not found in standard evidence gathering, including the volume of electronic evidence, how it is scattered in numerous locations, and its dynamic content

Summary (continued)
• Searching for digital evidence includes looking at "obvious" files and e-mail messages
• Need for information security workers will continue to grow, especially in computer forensics
• Skills needed in these areas include knowledge of TCP/IP, packets, firewalls, routers, IDS, and penetration testing
