Professional Documents
Culture Documents
CompTIA Security+
Get Certified Get Ahead
By Darril Gibson
• Counterattacks
• Don’t do it
• Attackers are dedicated
• Attackers have unlimited time
GetCertifiedGetAhead.com © 2017 YCDA, LLC
IDS vs IPS
• IPS is a preventive control
– Can actively monitor data streams
– Can detect malicious content
– Can stop attacks in progress
• SSL decryptors
– Placed in DMZ between users and Internet
– Allows inspection of content
GetCertifiedGetAhead.com © 2017 YCDA, LLC
Other Tools
• Honeypots and Honeynets
– Used to divert an attacker
– Allow IT administrators an opportunity to observe
methodologies
– Can be useful to observe zero day exploits
• 802.1x port security
– Provides port-based authentication
– Prevents rogue devices from connecting
Demo
• Captive Portals
– Free Internet access
– Paid Internet access
– Alternative to IEEE 802.1x
GetCertifiedGetAhead.com © 2017 YCDA, LLC
Wireless Attacks
• Disassociation attack
– Removes a wireless client from a wireless network
• WPS
– Streamlines process of configuring wireless clients
• WPS attack
– Brute force method to discover WPS PIN
– Reaver
• RFID attacks
– Sniffing or eavesdropping
– Replay
– DoS
GetCertifiedGetAhead.com © 2017 YCDA, LLC
Misconfigured Access Points
• Use WPA2 with CCMP
• Disable WPS
Demo
• Full tunnel
– Encrypts all traffic from client
– Can route client traffic through UTM in private
network for monitoring and protection
GetCertifiedGetAhead.com © 2017 YCDA, LLC
Site-to-Site VPNs
• Gateways as VPN servers
• Mobile devices
• Labs http://gcgapremium.com/501labs/
•
GetCertifiedGetAhead.com © 2017 YCDA, LLC