
Security+ Certification


Presentation Transcript


  1. Security+ Certification LTU Security+

  2. ITU / CISSP Two Classes
  • Network Infrastructure
  • Focuses on the technical items
  • Threats
  • Application, Operational and Organizational
  • Plans, Policies & Procedures
  • What to do to improve Security

  3. About The Book
  • Security+ Certification
  • Has some Obsolete Links!
  • CC: http://www.commoncriteria.org
  • The International CC Project has discontinued the www.commoncriteria.org Information/Knowledge Management Portal. http://www.commoncriteria.com/cc.html
  • NIST: http://www.csrc.nist.gov/publications Computer Security Resource Center
  • RFC: http://www.icann.rfceditor.org (Does not exist, references are on the CD!)

  4. The Security+ Certification Program
  • The Security+ Certification is a testing program sponsored by the Computing Technology Industry Association (CompTIA) that certifies the knowledge of networking technicians who have accumulated 24 months of experience in the information technology (IT) industry.
  • http://www.comptia.org/certification

  5. Course in Two Parts
  • Chapter 1, "General Networking and Security Concepts"
  • Chapter 2, "TCP/IP Basics"
  • Chapter 3, "Certificate Basics"
  • encryption and certificates
  • Public Key Infrastructure (PKI), and certification authorities
  • Chapter 4, "Network Infrastructure Security"
  • Chapter 5, "Communications Security," describes ways to secure remote connections using a variety of

  6. Part Two
  • Chapter 6, "Application Security"
  • e-mail, Web browser, and File Transfer Protocol (FTP) clients
  • Chapter 7, "User Security"
  • Chapter 8, "Security Baselines"
  • covers measures to increase the security of network and servers
  • Chapter 9, "Operational Security"
  • Chapter 10, "Organizational Security"
  • Policies and procedures
  • Chapter 11, "Incident Detection and Response"

  7. The Security+ Exam
  • Anyone can take the Security+ exam. There are no specific requirements or prerequisites, except payment of the fee.
  • Individuals are permitted to take the exam as many times as they like.
  • The exam is broken down into five sections, called objective domains.

  8. Domain Area

  9. Agenda
  • Follow the Book – 5 Chapters
  • Cover the examination topics – but will emphasize what works and what does not
  • Some in-class practice tests
  • When Time Permits – Discussion of Sample Tests
  • Why topics are important
  • Homework – yes
  • Skim the chapter
  • do some projects
  • do practice tests and discuss results
  • Viewgraphs will be available at the end of the course.

  10. Instructor
  • Jim Bullough-Latsch
  • jbl@4terrorism.com
  • 818-775-1015
  • Security Experience
  • Recent security assessments, plans, policies, procedures for Web Systems
  • Worked on Classified Systems
  • Architect for Multiple Systems with Sensitive Data
  • Has plenty of Degrees and Lots of Years
  • Currently Available for High Priced Consulting!

  11. Why are you here?
  • What do you know?
  • What do you want to learn?
  • Sign In
  • Email contact etc.

  12. Security Trends – Quick Summary
  • On-line Business
  • On-line Information
  • Access to Information
  • Homeland Security
  • Traditional Closed Systems – New DoD Business

  13. Dollars!
  • Security = $

  14. Jim's Definition of Computer Security
  • "Protecting tomorrow's systems against yesterday's threats"
  • Advice – Follow the Money

  15. Resources
  • http://commoncriteria.org
  • http://csrc.nist.gov/
  • http://iase.disa.mil/policy.html#guides
  • http://niap.nist.gov/
  • http://sepo.spawar.navy.mil/sepo/index2.html
  • http://us.mcafee.com
  • http://usa.visa.com/business/merchants/cisp_index.html
  • http://v4.windowsupdate.microsoft.com/
  • http://www.cert.org
  • http://www.criticalsecurity.com
  • http://www.fas.org/irp/doddir/dod/5200-1r
  • http://www.hq.nasa.gov/office/codeq/ns871913.htm
  • http://www.isalliance.org/
  • http://www.microsoft.com/security
  • http://www.nsa.gov
  • http://www.pogner.demon.co.uk/mil_498
  • http://www.radium.ncsc.mil/tpep
  • http://www.sans.org/top20/
  • http://www.symantec.com/
  • https://sans20.qualys.com/

  16. General Networking and Security Concepts – Corresponds to Chapter 1

  17. Valuing Your Assets
  • What is the loss to my company's assets if the company's data is compromised?
  • What is the loss of intellectual property worth to my company?
  • What is the loss in revenue or market share?
  • What is the loss of privacy worth?
  • What is the damage to my company's reputation worth?

  18. Values
  • Real value. Imagine you work for a company that makes tea. If your company has a formula for a special blend of tea and the yearly sales of that tea are $5 million, then you could say that formula has a value of $5 million. Five years from now, coffee might be more popular, so the yearly sales of the tea might drop to $2 million. The value of the formula would have dropped from $5 million to $2 million. The information did not change, but the value of the information changed.
  • Perceived value. The tea company you work for has a very smart management and marketing group. The management team has a plan for collaborating with a distribution company to increase the availability of the tea across the world. The marketing team has an idea for a marketing campaign that will make the tea more popular and could slow the rise in popularity of coffee.

  19. Confidentiality, Integrity, Availability – CIA

  20. Understanding the Goal of Security
  • Confidentiality. Ensures that information is accessed only by authorized personnel.
  • Integrity. Ensures that information is modified only by authorized personnel.
  • Availability. Ensures that information and systems can be accessed when needed by authorized personnel.

  21. Manage Risks

  22. Risks, Threats, and Vulnerabilities
  • Risk is the exposure to loss or possible injury. With information security, the risk is that your company's information will fall prey to outside forces and cause your company losses in time, money, and reputation.
  • A threat, for information security, is any activity that represents possible danger to your information. Threats can take many forms, but any threat poses a danger to the C-I-A triad. In the example of the tea company, another company could steal the formula for the tea, or an employee could sell the formula to another company.
  • A vulnerability is a weakness in your information security that could be exploited by a threat; that is, a weakness in your systems and network security, processes, and procedures. With the tea company, the formula for the tea is the valued information. People have to have access to the formula to make the tea, and the formula has to be stored somewhere.

  23. Plan and Plan
  • Place a value on the information.
  • Identify as many risks as possible and their associated threats and vulnerabilities.
  • Mitigate the identified risks.
  • Be aware that there are always things that you overlooked.
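The four planning steps above can be kept in a simple risk register. The following Python is an added example, not from the course slides or the book: the tea company's asset values, the three risks and their likelihood percentages are constructed figures, and the exposure formula (asset value times yearly likelihood) is an assumption that fits the "real value" discussion on slide 18.

```python
"""Added example, not from the course slides: a small risk register that
walks the four planning steps (value the information, list risks with their
threat and vulnerability, mitigate, keep the residual visible). The tea
company, its asset values and the risks are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Risk:
    name: str
    asset: str                  # key into the asset-value table
    threat: str                 # activity that endangers the asset
    vulnerability: str          # weakness the threat would exploit
    affects: Tuple[str, ...]    # which of C, I, A the risk hits
    likelihood_pct: int         # estimated chance per year, in percent
    mitigation: str = ""
    mitigated_pct: Optional[int] = None   # likelihood after mitigation


# Step 1: place a value on the information (constructed figures).
ASSET_VALUES: Dict[str, int] = {
    "tea formula": 5_000_000,        # yearly sales of the special blend
    "customer database": 1_200_000,
}

# Step 2: identify risks with their threat and vulnerability (constructed).
RISKS: List[Risk] = [
    Risk("formula sold by insider", "tea formula",
         "employee sells the formula to a competitor",
         "formula readable by everyone in production",
         ("C",), 10, "restrict access to the formula; log every read", 2),
    Risk("database encrypted by malware", "customer database",
         "malicious code delivered by e-mail attachment",
         "workstations unpatched, no attachment filtering",
         ("I", "A"), 25, "patch cycle; strip executable attachments", 5),
    Risk("server fails with no staff available", "customer database",
         "hardware failure (mishap)",
         "single server, single administrator",
         ("A",), 50, "tested backups; second trained administrator", 10),
]


def exposure(risk: Risk, values: Dict[str, int]) -> int:
    """Expected yearly loss before mitigation: value x likelihood."""
    return values[risk.asset] * risk.likelihood_pct // 100


def residual(risk: Risk, values: Dict[str, int]) -> int:
    """Expected yearly loss after mitigation (unchanged if none is planned)."""
    pct = risk.mitigated_pct if risk.mitigated_pct is not None else risk.likelihood_pct
    return values[risk.asset] * pct // 100


def rank(risks: List[Risk], values: Dict[str, int]) -> List[Tuple[str, int, int]]:
    """Step 3: order risks so the largest exposure is mitigated first."""
    rows = [(r.name, exposure(r, values), residual(r, values)) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def revalue(values: Dict[str, int], asset: str, new_value: int) -> Dict[str, int]:
    """The information does not change, but its value can (slide 18):
    return a new value table so exposures can be recomputed."""
    updated = dict(values)
    updated[asset] = new_value
    return updated


if __name__ == "__main__":
    for name, before, after in rank(RISKS, ASSET_VALUES):
        print(f"{name:40s} exposure {before:>9,}  residual {after:>9,}")
```

Re-running `rank` after `revalue` is the point of step 4: when tea sales fall to $2 million, the formula drops from the second to the last row, and the mitigation budget should follow it.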

  24. Summary
  • Understand what is to be protected
  • Confidentiality is assuring information is secure, with access limited to appropriate persons.
  • Integrity is ensuring information is not accidentally or maliciously altered or destroyed.
  • Availability is assuring information and communication services will be ready for use when expected.
  • To mitigate risks, you must determine a value for the information you are protecting and what the potential liability would be if that information were in the wrong hands. The C-I-A triad is a way to remember that the confidentiality, integrity, and availability of information is the concern of every IS specialist, and especially the security specialist.

  25. Sources of Threat
  • Is the threat due to a disaster of some sort, or is it due to an attack?
  • If it is an attack, is the threat coming from someone that works for the company, or from someone outside of the company?
  • If the threat is from attack, is it a well-known attack?
  • If the threat is an attack, are you able to identify it by reviewing audit files?
  • If the threat is an attack, is it a business-related attack?

  26. Threats from Disaster
  • Natural disasters. To plan for a natural disaster, you must identify the types of natural disaster that are most likely, determine how often those events occur (historically), and then create a mitigation plan to minimize the impact on your company. The plan might not be implemented, but it should still be identified.
  • Man-made disasters. Man-made or fabricated disasters that could affect the C-I-A triad include fire, loss of power, or a structural collapse. Because the meaning of disaster is a sudden or great misfortune, the event would be large and affect more than just information security. The concern and priority is for the safety of the people caught in the disaster, but good planning will help a company recover from the misfortune more quickly.
  • Mishap. A mishap is defined as an unfortunate accident. If a server fails and the specialists who repair and restore the server are all away, then the C-I-A triad is at risk. Consider the severity and likelihood of the event, whether it is a disaster of epic proportions or a minor mishap, so you can minimize risk.

  27. Threats from Attack
  • Threats based on the business. Some threats are directly related to the business your company is in; therefore, the attacks that are most likely to occur can be better identified.
  • Threats that can be verified. Verifiable threats can be identified by data that is captured.
  • Widely known threats. Some threats are widely known and you can simply read about them.
  • Internal threats
  • External threats

  28. Attacks
  An attack is an attempt to bypass security controls on a computer. The attack could alter, release, or deny data. Attack types vary almost at the speed of light, but most have a name that describes the attack type well.
  • Denial of service (DoS)
  • Spoofing
  • Man-in-the-middle
  • Password guessing

  29. Malicious Code
  • Virus. A virus is a program that can replicate, but not propagate, itself. It requires an installation vector, such as an executable file attached to an e-mail message or a floppy disk. A virus infects other programs on the same system and can be transferred from machine to machine through e-mail attachments or some form of media, such as a floppy disk. A virus can destroy data, crash systems, or it can be mostly harmless.
  • Worm. A worm is a program that can replicate and propagate itself. It propagates itself by infecting other programs on the same system, and also spreading itself to other systems across a network, without the need for an installation vector. A worm can also destroy data, crash systems, or be mostly harmless.
  • Trojan horse. Generally, a Trojan horse program looks desirable or harmless, but actually does damage. For instance, you might download what you think is a game, but when you run it, you find that it deletes all of the executable files on your hard disk.

  30. Who Is Attacking?
  • Hacker. The term hacker has two definitions, depending on to whom you are talking. To a programmer, a hacker can be someone who pounds out code that provides a quick solution to a difficult problem. The code might not be eloquently written, but it is functional and effective. To others, a hacker is someone who breaks security on an automated information system or a network. This type of hacker (also known as a cracker) is typically doing something mischievous or malicious, and although they might be trying to break into a system for what they consider a good and higher cause, they are still breaking into a system.
  • Novice. A novice is someone who aspires to be a hacker, but does not have the technical skills. Typically, a novice will go to a Web site created by a hacker and run a program that attacks a network or computer system. Although a novice attack is usually easily identified and denied, it can provide enough "white noise" to hide evidence that a hacker is attempting a more serious attack on a system or network.

  31. Threats
  • Hackers (or crackers) trying to break into your network and computers
  • Malicious code such as a computer virus or Trojan horse
  • People who work for your company and are unhappy or are being paid to gather and sell your company's information
  • Fire, flood, hardware failure, or natural disaster
  • Threats can come from external sources, such as hackers and e-mail messages, but they can also come from sources internal to the company, as is the case with a disgruntled employee or someone who gains physical access to your computers.

  32. Intrusion Points
  • Intrusion points are areas that provide an access point to your company's information.
  • Some of these are obvious, but others are not.
  • For instance, you might realize that you need to install a firewall to protect the internal network and computers from hackers.
  • If a hacker took a temporary job at your company, the firewall would be of little use.
  • When identifying intrusion points, you must consider internal threats as well as external threats.

  33. Some internal and external access points
  • Internal access points
  • Systems that are not in a secured room
  • Systems that do not have any local security configured
  • External access points
  • Network components that connect your company to the Internet
  • Applications that are used to communicate across the Internet
  • Communications protocols

  34. Network Infrastructure
  • Network infrastructure is all of the wiring, networking devices, and networking services that provide connectivity between the computers in a network. The network infrastructure also provides a way to connect to the Internet, allows people on the Internet to connect to your network, and provides people who work remotely with methods to connect to your network.
  • An external intruder would attack your connection to the Internet using an attack method, such as a DoS attack, or attempting a user name and password that allows them to authenticate.
  • An internal intruder might connect to an open network jack and attempt to gain access to a server with shared resources that do not require a password.

  35. Applications Used on the Internet
  • An external intruder might place a virus or worm in an e-mail message and send the message to a user on your internal network.
  • When opened, a virus might infect the system or provide the intruder with a way to control the system the e-mail was opened on.
  • An internal intruder might use native operating system utilities to connect to other systems on your internal network that do not require a user name or password to gain access.
  • They might also use an application such as a Web browser to access confidential information with limited access security.

  36. Communications Protocols
  • TCP/IP is the protocol suite used for communications on the Internet.
  • Some attacks work by modifying the structure of the IP packet, but many successful intrusions occur at higher levels in the TCP/IP stack. For instance, an intruder can exploit a Web server using the Hypertext Transfer Protocol (HTTP). Communications protocols provide a common set of rules that computers use when communicating with each other. Some protocols offer no security, whereas others provide varying degrees of security. Intruders use their knowledge of communications protocols to compromise your C-I-A triad. The following are two examples:
  • An external intruder might attack your company's presence on the Internet by using a DoS attack to disable your Web server. This would cause the information to be inaccessible to your customers.
  • An internal intruder might disable an e-mail server by causing a flood of e-mail messages to be sent. This would disable the e-mail server so users could not retrieve their e-mail.
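The flood scenarios on this slide and the DoS entry on slide 28 are the kind of thing slide 25 says you should be able to "identify by reviewing audit files". The following Python is an added example, not part of the course slides or the book: it runs a sliding-window detector over constructed mail-submission log lines. The log line layout, the client addresses, the 60-second window and the threshold of 20 messages are all assumptions for the illustration, not the format of any real mail server.

```python
"""Added example, not part of the course slides: detection logic for the
mail-flood scenario, run over constructed log lines. The log format, the
hosts and the threshold are assumptions, not from any real mail server."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Assumed log line shape (constructed for this example):
# 2024-03-04T10:00:01 client=10.0.0.7 from=<x@example.test> to=<all@example.test>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>[\d.]+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, client, sender, recipient), or None for a line that does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["client"], m["sender"], m["rcpt"]


def detect_floods(lines, window: timedelta = timedelta(seconds=60),
                  threshold: int = 20) -> List[Tuple[str, datetime, int]]:
    """Flag any client that submits `threshold` or more messages inside `window`.
    One alert per client; the alert carries the window start and the count."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip garbage rather than crash the detector
        ts, client, _, _ = rec
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and client not in alerted:
            alerted.add(client)
            alerts.append((client, q[0], len(q)))
    return alerts


def constructed_log() -> List[str]:
    """A normal sender (5 messages over 10 minutes) and a flooding client
    (30 messages in 30 seconds), plus one unparseable line. Constructed data."""
    base = datetime(2024, 3, 4, 10, 0, 0)
    lines = [f"{(base + timedelta(minutes=2 * i)).isoformat()} client=10.0.0.5 "
             f"from=<bob@example.test> to=<alice@example.test>" for i in range(5)]
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} client=10.0.0.7 "
              f"from=<x@example.test> to=<all@example.test>" for i in range(30)]
    lines.sort()                          # ISO timestamps sort chronologically
    lines.append("this line is not a mail log entry")
    return lines


if __name__ == "__main__":
    for client, start, count in detect_floods(constructed_log()):
        print(f"ALERT {client}: {count} messages since {start.isoformat()}")
```

The per-client deque is what keeps memory bounded on a busy server: it only ever holds the timestamps inside the current window. Alerting once per client, rather than on every message past the threshold, is the difference between one useful alert and the "white noise" slide 30 warns about.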

  37. Building a Defense
  • When building a defense, you should use a layered approach that includes securing the network infrastructure, the communications protocols, servers, applications that run on the server, and the file system, and you should require some form of user authentication.
  • This is very similar to placing family heirlooms in a safe, in a cellar, in a house with a lock on the front door, with a large fence around the house. For someone to take the heirlooms, they would have to get past the fence, through the front door, to the cellar, and into the safe. This would be more difficult than if the heirlooms were placed just inside the fence.
  • When you configure a strong, layered defense, an intruder has to break through several layers to reach his or her objective.
  • For instance, to compromise a file on a server that is part of your internal network, a hacker would have to breach your network security, break the server's security, break an application's security, and break the local file system's security. The hacker has a better chance of breaking one defense than of breaking four layers of defense.

  38. Layered Defense

  39. Securing the Network Infrastructure
  • Securing the network is the first step to creating a strong defense. When securing a network, minimize the number of access points to the network. For instance, if Internet access is required, configure a single access point and put a firewall in place.

  40. Securing Systems
  • System hardening. Includes removing unused services, ensuring that the latest security patches and service packs are installed, and limiting the number of people with administrative permissions. Hardening the system minimizes the risk of a security breach to the system.
  • Application hardening. Includes applying the latest security patches and enforcing user-level security if available. Applications on a system can be client applications, such as a Web browser, or server applications, such as a Web server application. Hardening the applications on a system minimizes the chance of a security breach using an application.
  • Enable local file security. Enabling local-level file security could include applying access control lists (ACLs) or an Encrypting File System (EFS); each would help ensure that only authorized people have access to the sensitive data stored in files on the hard disk.

  41. Securing
  • Securing Applications. When you secure applications on a server, you ensure that the latest security patches and service packs are installed. You also enable any authentication methods available for the applications.
  • User Authentication. User authentication verifies that your company's information is being accessed only by authorized users. User authentication can take many forms, but typically employs a user name and password to access information.
  • Smart Card Authentication. Smart cards offer a two-factor authentication method. With smart cards, the system reads a chip that contains certain information, and then a password or personal identification number (PIN) must be provided to authenticate a user.
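User name and password authentication is only as strong as the way the password is stored and checked. The following Python is an added example, not from the course slides or the book, of the user-authentication layer above done the way a hardened application should do it: a salted, iterated hash (PBKDF2 from the standard library) instead of the password itself, a constant-time comparison, and a failed-attempt lockout that blunts the password-guessing attack listed on slide 28. The iteration count, the lockout threshold and the sample user are assumptions for the illustration.

```python
"""Added example, not from the course slides: password storage and
verification for the user-authentication layer, plus a lockout against
password guessing. PBKDF2 from the standard library is used; the iteration
count, lockout threshold and sample users are assumptions for this example."""
import hashlib
import hmac
import os
from typing import Dict, Optional

ITERATIONS = 200_000      # assumed; raise it for your hardware
LOCKOUT_AFTER = 5         # assumed failed-attempt threshold


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash; the password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                       # malformed record: refuse, do not crash
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class UserStore:
    """In-memory user table: hashed credentials plus failed-attempt counters."""

    def __init__(self) -> None:
        self._hashes: Dict[str, str] = {}
        self._failures: Dict[str, int] = {}
        # Hash of a dummy password, verified for unknown users so the response
        # time does not reveal whether an account exists.
        self._dummy = hash_password("dummy")

    def add_user(self, username: str, password: str) -> None:
        self._hashes[username] = hash_password(password)
        self._failures[username] = 0

    def is_locked(self, username: str) -> bool:
        return self._failures.get(username, 0) >= LOCKOUT_AFTER

    def authenticate(self, username: str, password: str) -> bool:
        stored = self._hashes.get(username)
        if stored is None:
            verify_password(password, self._dummy)   # spend the same time, then refuse
            return False
        if self.is_locked(username):
            return False                             # even the right password is refused
        if verify_password(password, stored):
            self._failures[username] = 0
            return True
        self._failures[username] += 1
        return False


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")   # constructed sample user
    print(store.authenticate("alice", "correct horse battery staple"))  # True
    print(store.authenticate("alice", "password1"))                     # False
```

The stored string carries the algorithm, iteration count and salt alongside the digest, so the iteration count can be raised later for new passwords without breaking old records. A locked account needs an unlock procedure (help desk, timed release); that part is policy, which the organizational chapters cover.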

  42. Preserving Data
  • Forensics is applying science to law. For information security, forensics is the investigation and analysis of a computer for the purpose of gathering potential legal evidence.
  • For this to occur, data has to be preserved, and a strict chain of custody protocol must be followed.
  • Forensics specialists (typically working for law enforcement agencies) are called in to gather evidence.
  • You must be aware of the nature of the evidence they are gathering so that you don't inadvertently destroy it.
  • When electronic evidence is gone, it's gone.

  43. Chain of Custody
  • When you are preserving data in an attempt to prosecute someone who has breached your security, it is not only important to preserve the data, but also to identify the chain of custody for the evidence collected to ensure it is admissible and defendable in a court of law.
  • Chain of custody procedures ensure the integrity of the information collected by tracking its handling and storage from the point of collection to final disposition of the evidence.
  • This procedure is used after you have been attacked and are attempting to collect data that will be used to prosecute the attacker.
  • For instance, if your company's Web site was hacked and the attackers downloaded an application that you sell, then you would need to collect as much data as possible to prosecute the thief. The data would have to be gathered, handled, and stored properly to be used as evidence. This includes limiting access to the evidence, documenting who handled the evidence, when it was handled, and why it was handled.
  • Documentation of this process must include the date and purpose each time evidence is handled or transferred, and identification of each individual in the chain of custody.
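The documentation requirement above (date, purpose and handler for every handling or transfer) maps directly onto a log that also proves integrity. The following Python is an added example, not from the course slides or the book: each custody entry records who, when, why and what was done, and re-hashes the evidence file so that any alteration between two handling events shows up. The Web-server log line used as evidence, the handler names and the events are constructed for the illustration.

```python
"""Added example, not part of the course slides: a chain-of-custody log for
one piece of electronic evidence. Every handling event records who, when,
why and what was done, and re-hashes the file so any alteration shows up.
The evidence file, the names and the events are constructed for illustration."""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import List, Tuple


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class CustodyLog:
    """Tracks one evidence item from collection to final disposition."""

    def __init__(self, evidence: Path, collected_by: str, purpose: str = "collection") -> None:
        self.evidence = Path(evidence)
        self.original_hash = sha256_file(self.evidence)   # fingerprint at collection
        self.entries: List[dict] = []
        self.record(collected_by, purpose, action="collected")

    def record(self, handler: str, purpose: str, action: str = "accessed") -> bool:
        """Append an entry; returns False when the file no longer matches the original."""
        current = sha256_file(self.evidence)
        entry = {
            "when": datetime.now(timezone.utc).isoformat(),
            "who": handler,
            "action": action,
            "purpose": purpose,
            "sha256": current,
            "intact": current == self.original_hash,
        }
        self.entries.append(entry)
        return entry["intact"]

    def verify(self) -> bool:
        """True only if the evidence hashed identically at every handling event."""
        return all(e["intact"] for e in self.entries)

    def to_json(self) -> str:
        return json.dumps({"evidence": str(self.evidence),
                           "original_sha256": self.original_hash,
                           "entries": self.entries}, indent=2)


def demo() -> Tuple[bool, bool, bool, int]:
    """Collect a constructed log file, transfer it, then alter it and show the log catches that."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "webserver_access.log"
        # Constructed sample evidence: one access-log line.
        evidence.write_bytes(b'203.0.113.9 - - [04/Mar/2024:10:00:01] "GET /downloads/app.zip" 200\n')
        log = CustodyLog(evidence, "j.doe (security team)")
        transfer_ok = log.record("k.lee (legal)", "copy for outside counsel", action="transferred")
        evidence.write_bytes(b"edited\n")            # the file is altered after the transfer
        review_ok = log.record("k.lee (legal)", "review before filing", action="accessed")
        return transfer_ok, review_ok, log.verify(), len(log.entries)


if __name__ == "__main__":
    print(demo())   # (True, False, False, 3)
```

In practice the log itself must be protected as carefully as the evidence (write it to separate, access-controlled storage and keep a printed or signed copy), because an attacker who can alter both the file and its log defeats the hash check.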

  44. Human Resource Concerns and Privacy Issues
  • Managing information security also includes working with the Human Resources department of your company to ensure that when an employee leaves the company, his or her access to the company's data is terminated.
  • You must be aware of your role in protecting the company by ensuring that you change the former employee's password and revoke his or her access rights.
  • Privacy issues are a sensitive subject for some employees. These employees feel that what they do with the computer they use in the office is their own business, and believe the e-mail they receive is legally viewable by only them.
  • According to a Privacy Rights Clearinghouse fact sheet on employee monitoring, employers can do the following:
  • Monitor what is on a computer screen.
  • Monitor and review e-mail.
  • Monitor phone calls.
  • Maintain and acquire phone records.

  45. TCP/IP Basics – Transmission Control Protocol/Internet Protocol (TCP/IP) as it relates to information security – Chapter 2 in the book


  47. What Is TCP/IP?
  • TCP/IP is the suite of protocols used to communicate on the Internet.
  • Each protocol of the TCP/IP protocol suite is associated with a layer of the seven-layer OSI communications model, which is an International Organization for Standardization standard.
  • The seven layers are the Physical layer, Data Link layer, Network layer, Transport layer, Session layer, Presentation layer, and the Application layer.

  48. Layers

  49. 7 Layers
  • Physical layer. The Physical layer (Layer 1) is typically implemented in hardware and is responsible for placing data bits on and receiving bits from the communications media, such as coaxial cable.
  • Data Link layer. The Data Link layer (Layer 2) is responsible for converting data packets that are received from the Network layer and encoding them into bits. It is also responsible for accepting bits from the Physical layer and converting them into data packets. The data packets that are formed into groups of bits are known as frames. This layer is divided into two sub-layers: the Media Access layer (MAC) and the Logical Link Control layer (LLC). The MAC sub-layer controls how a computer on a network gains access to the data, and permission to transmit that data on the network. The LLC sub-layer manages frame synchronization, error checking, and flow control.
  • Network layer. The Network layer (Layer 3) provides routing and switching capabilities, and creates logical paths between two computers to create virtual circuits. This layer is responsible for routing, forwarding, addressing, internetworking, error handling, congestion control, and packet sequencing. When packets are received from the Transport layer, the Network layer is responsible for ensuring that the packet is small enough to be a valid packet on the underlying network. If the packet is too large, this layer breaks the packet into several packets, and on the receiving computer, this layer places the packets in the proper sequence to reassemble the packet. If the interconnecting devices cannot handle the amount of traffic being generated, this layer also provides congestion control.
  • Transport layer. The Transport layer (Layer 4) transfers data between end systems or hosts, and is responsible for end-to-end error recovery and flow control between the two end systems. This layer ensures complete data transfer between the two systems.
  • Session layer. The Session layer (Layer 5) establishes, manages, and terminates connections between applications on two computers. The Session layer sets up, coordinates, and terminates all interchanges between applications on both computers. This layer manages session and connection coordination.
  • Presentation layer. The Presentation layer (Layer 6) provides a heterogeneous operating environment by translating from the application's data format to the underlying network's communications format. This layer is also known as the syntax layer.
  • Application layer. The Application layer (Layer 7) supports end-user and application processes. Communication partners and quality of service levels are identified, user authentication and privacy considered, and any constraints on data syntax identified.
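Slide 36 notes that some attacks work by modifying the structure of the IP packet, and the Network and Transport layer descriptions above name the fields involved (addressing, fragmentation, sequencing, end-to-end delivery). The following Python is an added example, not from the course slides or the book: it builds a minimal IPv4+TCP packet from constructed addresses and ports, then parses it back while checking the fields an altered packet would get wrong (version, header length, total length against the captured size, and the IPv4 header checksum) before trusting them. The TCP checksum is left at zero to keep the builder short; that is a deliberate simplification of this example, not how a real stack behaves.

```python
"""Added example, not from the course slides: a parser for the Network-layer
(IPv4) and Transport-layer (TCP) headers that validates the fields a modified
packet would get wrong before trusting them. The packet it parses is built
here from constructed addresses and ports."""
import socket
import struct
from typing import Dict

TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; a header with a valid checksum sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int,
                   payload: bytes = b"") -> bytes:
    """Assemble a minimal IPv4+TCP packet (TCP checksum left zero for brevity)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + tcp


def parse_packet(data: bytes) -> Dict:
    """Validate and decode the IPv4 header, then the TCP header if the protocol is TCP."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4")
    if ihl < 20 or ihl > len(data):
        raise ValueError("bad IPv4 header length")
    if total_len < ihl or total_len > len(data):
        raise ValueError("total length inconsistent with captured data")
    if ipv4_checksum(data[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "protocol": proto, "more_fragments": bool(flags_frag & 0x2000),
            "fragment_offset": flags_frag & 0x1FFF}
    if proto == 6:
        tcp = data[ihl:total_len]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off, flags, _win, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
        doff = (off >> 4) * 4
        if doff < 20 or doff > len(tcp):
            raise ValueError("bad TCP data offset")
        info["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                       "flags": [name for bit, name in TCP_FLAGS if flags & bit],
                       "payload": tcp[doff:]}
    return info


def is_valid(data: bytes) -> bool:
    """Convenience wrapper: True when the packet passes every structural check."""
    try:
        parse_packet(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_ipv4_tcp("10.0.0.7", "10.0.0.1", 40000, 80, 0x02)   # constructed SYN
    print(parse_packet(pkt))
```

The order of the checks matters: length fields are validated against the bytes actually captured before any slice is taken, so a packet whose header claims more data than exists is rejected rather than read past its end, and the checksum is verified before any address or port is reported to a higher layer.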

  50. Layers
