
Copyright 2010 Certification Partners, LLC -- All Rights Reserved

Web Security Associate
Lesson 1:
What Is Security?
Lesson 1 Objectives
1. Define security
2. Identify the importance of network security
3. Identify potential risk factors for data security,
including improper authentication
4. Identify security-related organizations, warning
services and certifications
5. Identify key resources that need specialized
security measures
6. Identify the general types of security
threat/attacker
7. Select security equipment and software based on
ease of use
Network Security Background
Internet-related security threats:
Security problems with browsers
Attacks by hackers
Threats from viruses
Internet inherently insecure
Network Security Background
Sophistication of Tools vs. Technical Knowledge
What Is Security?
Local area networks (LANs)
Wide area networks (WANs)
Virtual private networks (VPNs)
Network perimeters
Illicit servers (a service or daemon installed on a host that allows access to unauthorized remote users)
Trojans (e.g. Netbus170 from https://packetstormsecurity.com)
Wikipedia: Security as a condition is the degree of resistance to, or protection from, harm. It
applies to any vulnerable and valuable asset, such as a person, dwelling,
community, nation, or organization. Establishing or maintaining a sufficient degree
of security is the aim of the work, structures, and processes called "security."
CIW: Security in a networking environment is the ability to identify and eliminate threats
and vulnerabilities.
Hacker Statistics
(www.cert.org/stats)
Reported incidents have risen steadily:
From 252 in 1990
To 9,859 in 1999
To 137,529 in 2003
Total vulnerabilities cataloged have also risen steadily:
From 417 in 1999
To 3,784 in 2003
To 7,236 in 2007

According to the U.S. Federal Bureau of Investigation (www.fbi.gov),
losses due to security breaches are estimated at $67.2
billion (2005)
The Myth of
100-Percent Security
Balance in security
Security policies
Attributes of an
Effective Security Matrix
Allows access control
Access given to legitimate users only
Maximizes the ability to communicate and minimizes the possibility of hacker access
Minimizes the possibility of damage in the event of hacker access
Easy to use
Appropriate cost of ownership
Initial cost, upgrade cost and services
Cost of administration: number of employees, skill level
Flexible and scalable
Allows the company to do its business
The system can grow as the company grows
Superior alarming and reporting
Logs and notifications
Alerts to administrators

What You Are
Trying to Protect
Assets to protect:
End-user resources
Windows XP, 2003, Linux or Macintosh hosts used by employees.
Potential threat: viruses, Trojans and Java applets can damage local
systems. End users can also introduce problems through illicit activity
Network resources
Routers, switches, wiring closets, telephony
Potential threat: IP spoofing, system snooping and obtaining information
Server resources
Potential threat: unauthorized entry, interrupted service and Trojans.
Server resources are the primary target in most cases
Information-storage resources
Human resources and e-commerce database
Potential Threat: Obtaining trade secrets, customer data and so forth.
Who Is the Threat?
Casual attackers
Thrill seekers who hack a system simply because it is there
They can be stopped with the proper application of security
Determined attackers
They will gain access to your system, regardless of difficulty or
consequences
Gain access via the Internet or by manipulating careless or uninformed
employees
Spies and industrial espionage
Their aim is to gain information or disrupt service
Auditing is the most effective tool to stop such hackers
Use auditing results to contact law enforcement agencies such as
local authorities
End users
End users constitute the first line of defense in network security
End users may cause network problems through ignorance, carelessness,
or lack of effective and continual awareness training
To solve:
Short training at the time of hire
Continual training
Reminders
Explain common procedures
Do not ignore end users
Security Standards
Security Services (ISO 7498-2)
Defines security as minimizing the vulnerability of assets and resources
Authentication
Access control
Data confidentiality
Data integrity
Non-repudiation
Security mechanisms
Other government and industry standards in
addition to ISO 7498-2
Lesson 1 Summary
Define security
Identify the importance of network security
Identify potential risk factors for data security,
including improper authentication
Identify security-related organizations, warning
services and certifications
Identify key resources that need specialized
security measures
Identify the general types of security
threat/attacker
Select security equipment and software based on
ease of use
Lesson 2:
Elements of Security
Lesson 2 Objectives
1.1.7: Identify ways in which increased security mechanisms can
result in increased latency
1.1.8: Define the significance of a security policy
1.1.9: Identify and develop basic components of an effective
security policy
1.1.10: Identify the key user authentication methods
1.1.11: Define the significance of access control methods
1.1.12: Define the functions of access control lists (ACLs) and
execution control lists (ECLs)
1.2.1: Identify the three main encryption methods used in
internetworking
1.2.5: Identify the importance of auditing
1.2.6: Select security equipment and software based on ease of
use
1.2.7: Identify security factors related to transmission of
unencrypted data across the network
1.2.9: Identify the significance of encryption in enterprise networks




Security Elements
and Mechanisms
Elements of effective security:
Corporate security policy
User authentication
Encryption
Access control
Auditing
Administration
The Security Policy
Allows you to build an effective security
infrastructure

It must provide guidance for the entire
organization and is the first line of defense in
establishing secure systems use

It should not conflict with business goals
The Security Policy
To reduce the risk, you should take the following steps:
Classify systems
Prioritize resources
Assign risk factors
Define acceptable and unacceptable
activities
Define security measures to apply to
resources
Define education standards for employees
Determine who is responsible for
administering the policies
The Security Policy
Classify systems
You must identify and then classify systems and data
based on their importance to the organization
Level 1: central to business operations, e.g.
Web server, employee database, e-mail
server
Level 2: needed but not critical to daily
operation. Though they cannot be down for
long, a day or two of lost time would not
cripple the company
Level 3: systems whose loss does not affect operations,
e.g. a user's desktop PC
The Security Policy
Prioritize resources
After classification, you should create a prioritized threat
list and an action list, prioritized by system, in your security
implementation plan.

Assign risk factors
A risk factor is the likelihood that a hacker would
attack a resource.
Risk factors should be determined for each resource
you have defined
Rule: the more sensitive the resource, the higher the risk
factor.


Policy and Technology
People drive policy
Policy guides technology
Technology serves people
The Security Policy
Define acceptable and unacceptable activities
The security implementation should specify both
acceptable (permitted) and unacceptable (forbidden)
activity. It varies from one organization to another.

Define security measures to apply to resources
You must determine the appropriate security
techniques for each element in your network,
e.g. a firewall and the use of encryption
List the measures that you will implement with each
resource, e.g. implement packet filtering


The Security Policy
Define education standards for employees
The best way to achieve effective security is to teach the
members of an organization about the key security
principles.

Determine who is responsible for administering the
policies
The security policy should list the parties responsible for
securing specific systems
Separating security management from system
administration helps ensure that audits are properly
conducted and that goals are met.


Determining Backups
To recover data lost due to an attack:

Enable a backup device
e.g. Imaging server, Tape backup, external Hard
disk, etc.
Enable a backup service
Backup data to a third party (online)
Encryption
Encryption is the process of making something
readable only to the intended recipients.

It can occur at both the network and
document levels


Encryption
Encryption categories

Symmetric (private-key cryptography)
Uses the same key for encryption and decryption

Asymmetric (public-key cryptography)
Encrypts data using a key pair (private and public key)
One key encrypts, the other decrypts

Hash
Encrypts data using a mathematical equation called
a hash function
Creates a hash code, which is a fixed-length
representation of a message
Encryption
Unencrypted data can be sniffed by packet sniffers
(e.g. Wireshark)
Encryption services
Data confidentiality
To ensure that only the intended recipients of
information can view it.
Data integrity
Using a hash to determine whether the data has been modified
Authentication
Digital signatures provide authentication (who you are)
Non-repudiation
Digital signatures allow users to prove that an
information exchange actually occurred.
Encryption
Encryption strength
It is based on three factors
Algorithm strength
Use tested industry standards

Security of the key
No algorithm will protect you from a compromised key

Length of the key
The greater the length of the key, the longer it will take
to break.
Adding a bit to the length of the key doubles the
number of possible keys (2^n)

Authentication
Authentication methods
What you know
Password, PIN code, etc.
What you have
Entry card, smart card, token, etc.
Who you are
Biometrics: the science of mapping physical, biological
characteristics to individual identity.
e.g. fingerprint, hand geometry, voice
recognition, retinal scans, iris scans, face
recognition and vascular patterns.
Where you are
The weakest form of authentication, based on your
location (e.g. whether your IP address is local or external)

Specific
Authentication Techniques

Kerberos
It's a key management scheme that authenticates
unknown principals who want to communicate with
each other securely (e.g. people, servers,
One-time passwords (OTP)
Access Control
Access Control List (ACL)
Objects
Common permissions
Execution Control List (ECL)
Sandboxing
Auditing
Passive auditing
Active auditing
Security Tradeoffs
and Drawbacks
Increased complexity
Slower system response time
Consider:
Ease of installation
An intuitive interface
Effective customer support
Lesson 2 Summary
1.1.7: Identify ways in which increased security mechanisms can
result in increased latency
1.1.8: Define the significance of a security policy
1.1.9: Identify and develop basic components of an effective
security policy
1.1.10: Identify the key user authentication methods
1.1.11: Define the significance of access control methods
1.1.12: Define the functions of access control lists (ACLs) and
execution control lists (ECLs)
1.2.1: Identify the three main encryption methods used in
internetworking
1.2.5: Identify the importance of auditing
1.2.6: Select security equipment and software based on ease of
use
1.2.7: Identify security factors related to transmission of
unencrypted data across the network
1.2.9: Identify the significance of encryption in enterprise networks
Lesson 3:
Applied Encryption
Lesson 3 Objectives
1.2.2: Define symmetric (private-key) encryption
1.2.3: Define asymmetric (public-key) encryption, including
distribution schemes, Public Key Infrastructure (PKI)
1.2.4: Define one-way (hash) encryption
1.2.8: Identify the function of parallel processing in relation
to cryptography
1.2.10: Identify the impact of encryption protocols and
procedures on system performance
1.2.11: Create a trust relationship using public-key
cryptography
1.2.12: Identify specific forms of symmetric, asymmetric and
hash encryption, including Advanced Encryption
Standard (AES)
1.4.1: Deploy Pretty Good Privacy (PGP) / Gnu Privacy
Guard (GPG) in Windows and Linux/UNIX systems
Reasons to Use Encryption

Make data confidential

Help authenticate users

Ensure data integrity
Creating Trust
Relationships
Applying encryption means establishing a trust
relationship between hosts

Public keys are distributed using two methods

Manually
e.g. e-mail
Automatically
e.g. SSL and IPsec
Symmetric-Key
Encryption
One key is used to encrypt and decrypt
messages
Benefits
Fast and strong
Drawbacks
Difficult to change the key regularly
Key distribution


Symmetric-Key Algorithms
Data Encryption Standard (DES)
Triple DES
Symmetric algorithms created by RSA Security Corporation
International Data Encryption Algorithm (IDEA)
Blowfish
Twofish
Skipjack
MARS
Rijndael
Serpent
Advanced Encryption Standard (AES)
Asymmetric-Key
Encryption
Uses a key pair in the encryption process. A key
pair is a mathematically matched key set in
which one half of the pair encrypts, and the
other half decrypts (what A encrypts, B decrypts
and what B encrypts, A decrypts)
Benefits
Very difficult and time-consuming to derive the private key from the public key
Public keys can be distributed via the Internet
Drawbacks
Slow (intensive mathematical computation required)
Asymmetric-Key
Encryption
How do browsers use public-key encryption?
After your Web browser recognizes that a
Web server's certificate has been issued
by a trusted authority, the SSL session
proceeds automatically, as long as the browser verifies
that:

The certificate has been signed by a trusted authority
The Web server has the same name as given in the certificate
The certificate is still valid and has not expired

If any of these checks fails, most Web browsers will warn you and
ask if you want to proceed
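The three checks listed on this slide, as an added example that is not part of the CIW course material: it applies them to a certificate record laid out the way Python's ssl.SSLSocket.getpeercert() returns one. The certificate, the trust list and the hostnames are constructed, and the "signed by a trusted authority" check is modelled as an issuer-in-trust-store lookup (a real client verifies the CA's signature with the CA's public key).

```python
"""Added example: the three browser-side certificate checks from the slide,
run against a constructed certificate in getpeercert() dict layout."""
import ssl
import time

# Constructed trust store: issuer names the client accepts. This stands in for
# the real step of verifying the CA's signature on the certificate.
TRUSTED_ISSUERS = {
    ((("organizationName", "Example Trust Services"),),
     (("commonName", "Example Root CA"),)),
}

# Constructed server certificate; date strings use the GMT format that
# ssl.cert_time_to_seconds() parses.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Trust Services"),),
               (("commonName", "Example Root CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2034 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.cdn.example.test")),
}


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a single wildcard in the leftmost label only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        parts = hostname.split(".", 1)
        # the wildcard covers exactly one label; it never matches the bare domain
        return len(parts) == 2 and parts[1] == pattern[2:]
    return False


def certificate_names(cert: dict) -> list:
    """Names the certificate is valid for: DNS SANs first, then the subject CN."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def check_certificate(cert: dict, hostname: str, trusted: set, now: float = None) -> list:
    """Return the list of failed checks; an empty list means the session proceeds
    silently, anything else is what the browser would warn the user about."""
    now = time.time() if now is None else now
    failures = []
    # 1. Signed by a trusted authority (modelled as issuer-in-trust-store).
    if cert.get("issuer") not in trusted:
        failures.append("untrusted issuer")
    # 2. Server name matches a name in the certificate.
    if not any(hostname_matches(n, hostname) for n in certificate_names(cert)):
        failures.append("hostname mismatch")
    # 3. Certificate is inside its validity period.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        failures.append("certificate not yet valid")
    elif now > not_after:
        failures.append("certificate expired")
    return failures


if __name__ == "__main__":
    for host in ("www.example.test", "api.cdn.example.test", "mail.example.test"):
        print(host, check_certificate(SAMPLE_CERT, host, TRUSTED_ISSUERS) or "OK")
```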



Asymmetric-Key
Encryption
Asymmetric-key encryption elements
RSA
DSA
Diffie-Hellman
One-Way (Hash)
Encryption
Signing data
Hash algorithms
MD2, MD4 and MD5
Secure hash algorithm
md5sum utility (Linux)
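An added example (not the course's own code) covering both the hash-for-integrity point from Lesson 2 and the md5sum utility listed here: it produces and verifies checksum lines in the same "digest  filename" format that md5sum and sha256sum use, and shows that a one-digit change to a file makes the stored checksum fail. The sample file contents are constructed.

```python
"""Added example: one-way hashes used to detect modification, in md5sum format."""
import hashlib
import hmac
import os
import tempfile

# Constructed sample message and a copy with a single digit changed.
ORIGINAL = b"Transfer 100.00 to account 12345\n"
TAMPERED = b"Transfer 900.00 to account 12345\n"


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length hex digest: MD5 always gives 32 hex chars and SHA-256
    always 64, whatever the size of the input."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_file(path: str, algorithm: str = "sha256") -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def checksum_line(path: str, algorithm: str = "sha256") -> str:
    """Emit a line in md5sum/sha256sum format: '<hex digest>  <filename>'."""
    return f"{digest_file(path, algorithm)}  {os.path.basename(path)}"


def verify_checksum_line(line: str, directory: str, algorithm: str = "sha256") -> bool:
    """Check a stored line the way 'sha256sum -c' does: recompute and compare."""
    expected, name = line.rstrip("\n").split("  ", 1)
    actual = digest_file(os.path.join(directory, name), algorithm)
    # constant-time comparison so the check does not leak how many bytes matched
    return hmac.compare_digest(expected, actual)


def demo() -> dict:
    """Record a checksum, tamper with the file, and show the check now fails."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "transfer.txt")
        with open(path, "wb") as f:
            f.write(ORIGINAL)
        line = checksum_line(path)
        ok_before = verify_checksum_line(line, d)
        with open(path, "wb") as f:
            f.write(TAMPERED)
        ok_after = verify_checksum_line(line, d)
    return {"line": line, "before": ok_before, "after": ok_after}


if __name__ == "__main__":
    result = demo()
    print(result["line"])
    print("verified before tampering:", result["before"])
    print("verified after tampering: ", result["after"])
```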
Applied
Encryption Processes
E-mail
PGP and GPG
Secure MIME
Proprietary asymmetric encryption
Encrypting drives
Secure Sockets Layer (SSL) and Secure
HTTP
Transport Layer Security / Secure Sockets
Layer (TLS/SSL)
Encryption Review
Encryption
Authentication
Key
Symmetric-key (private-key) encryption
Asymmetric-key (public-key) encryption
Message integrity by hash mark and signature
Lesson 3 Summary
1.2.2: Define symmetric (private-key) encryption
1.2.3: Define asymmetric (public-key) encryption,
including distribution schemes, Public Key
Infrastructure (PKI)
1.2.4: Define one-way (hash) encryption
1.2.8: Identify the function of parallel processing in relation
to cryptography
1.2.10: Identify the impact of encryption protocols and
procedures on system performance
1.2.11: Create a trust relationship using public-key
cryptography
1.2.12: Identify specific forms of symmetric, asymmetric
and hash encryption, including Advanced
Encryption Standard (AES)
1.4.1: Deploy Pretty Good Privacy (PGP) / Gnu Privacy
Guard (GPG) in Windows and Linux/UNIX systems
Lesson 4:
Types of Attacks
Lesson 4 Objectives
1.2.5: Identify the importance of auditing
1.4.3: Identify specific types of security
attacks
1.4.4: Identify a brute-force attack
1.4.5: Identify a dictionary attack
1.4.6: Identify routing issues and security
1.4.7: Determine the causes and results of
a denial-of-service (DOS) attack
1.4.8: Recognize attack incidents
1.4.9: Distinguish between illicit servers
and trojans
Network Attack Categories
Brute force
Dictionary
System bugs
Back doors
Malware
Social engineering
Denial of service (DOS)
Distributed denial of
service (DDOS)
Spoofing
Scanning
Man in the middle
Bots and botnets
SQL injection
Brute-Force and
Dictionary Attacks
Brute-force attack
Repeated access attempts
Dictionary attack
Customized version of brute-force attack
System Bugs
and Back Doors
Bug
Unintentional flaw in a program
Back door
Deliberately-placed opening in an
operating system
Buffer overflow
Malware
(Malicious Software)
Viruses
Worms
Trojans and root kits
Illicit servers
Logic bombs
Zero-day attacks
Managing viruses, worms and illicit programs
Avoiding viruses, worms and trojans
Social Engineering Attacks
Call and ask for password
Fake e-mail
Phishing
Pharming
Securing desktops
Denial-of-Service (DOS) Attacks
Flooding
Malformed packets
Teardrop/Teardrop2
Ping of Death
Land attack
Miscellaneous attacks
Physical denial-of-service attacks
Distributed Denial-of-Service (DDOS) Attacks
Components:
Controlling application
Illicit service
Zombie
Target
Smurf and Fraggle attacks
Ways to diagnose DOS and DDOS attacks
Mitigating vulnerability and risk
Unintentional DOS
Spoofing Attacks
IP spoofing
ARP spoofing
DNS spoofing
Spoofing and traceback
Protecting against spoofing attacks
Scanning Attacks
Stack fingerprinting and operating system
detection
Sequence prediction
Network Mapper (Nmap)
Man-in-the-Middle Attacks
Packet sniffing and network switches
Connection hijacking
Registration hijacking
Voicemail compromises
Impersonated calls
DNS and ARP cache poisoning
Avoiding man-in-the-middle attacks
Bots and Botnets
Bot
Software application that runs automated,
repetitive tasks over the Internet
Botnet
Group of computers infected with a bot
Avoiding bot attacks
SQL Injection
SQL injection
Hacking technique in which malicious
code is inserted into SQL command strings
Preventing SQL injection attacks
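The prevention point on this slide as an added example (not the course's own code): the same lookup written with input concatenated into the SQL command string, beside the parameterized form in which the driver sends the input as data rather than as part of the command. The in-memory SQLite table and its rows are constructed.

```python
"""Added example: SQL built by string concatenation versus a bound parameter."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret-a"), ("bob", "s3cret-b")])
    return conn


def lookup_concatenated(conn: sqlite3.Connection, name: str) -> list:
    """The pattern the slide describes: user input becomes part of the
    command text, so quote characters in the input change the query's logic."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Prevention: the placeholder is bound by the driver, so the input is
    compared as a literal value and can never alter the command."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for query in ("alice", "x' OR '1'='1"):
        print(repr(query), "concatenated:", lookup_concatenated(db, query),
              "parameterized:", lookup_parameterized(db, query))
```

Run it to see that the concatenated version returns every user for the second input while the parameterized version returns none, because no user is literally named that string.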
Auditing
Checking password databases regularly
Checking log files
Scanning systems
Identifying information leakage
Necessary information
Unnecessary information
Lesson 4 Summary
1.2.5: Identify the importance of auditing
1.4.3: Identify specific types of security
attacks
1.4.4: Identify a brute-force attack
1.4.5: Identify a dictionary attack
1.4.6: Identify routing issues and security
1.4.7: Determine the causes and results of
a denial-of-service (DOS) attack
1.4.8: Recognize attack incidents
1.4.9: Distinguish between illicit servers
and trojans
Lesson 5:
Recent Networking
Vulnerability Considerations
Lesson 5 Objectives
1.1.3: Identify potential risk factors for data security,
including improper authentication
1.2.5: Identify the importance of auditing
1.4.3: Identify specific types of security attacks
1.4.8: Recognize attack incidents

Additional topics:
Security issues associated with wireless network
technologies
Security issues associated with convergence networking
technologies
Security issues associated with Web 2.0 technologies
Additional security issues, including greynet applications,
data at rest, trusted users within an organization,
anonymous downloads and indiscriminate link-clicking
Wireless Network
Technologies and Security
Wireless Ethernet elements
Wireless signals
FHSS
DSSS
OFDM
IEEE 802.11
Wireless Standards
802.11 (WiFi)
802.11a
802.11b
802.11e
802.11g
802.11h
802.11i
802.11n (most current)

Wireless Networking Modes
Ad-hoc mode
Infrastructure mode
Wireless access points (APs)
Wireless cells
Authentication types in wireless networks
BSSID
SSID
Wireless AP beacon
Host association


Wireless
Application Protocol (WAP)
WAP services:
Uniform scripting standards for wireless
devices
A method of encrypting devices from
WAP-enabled phones
Wireless Transport Layer Security (WTLS):
WTLS benefits
Problems with WTLS
Languages used in WAP
Wireless
Network Security Problems

Cleartext transmission
Access control
Unauthorized APs and wireless systems
Corporate users participating in ad hoc
networks
Weak and/or flawed encryption
Encryption and network traffic
War driving
Wireless
Network Security Solutions
WEP
MAC address filtering
WPA2 (802.11i)
IEEE 802.1x
RADIUS
Physical and configuration solutions
Site Surveys
Authorized site surveys
Site surveys after implementation
Unauthorized site surveys
War driving/war walking
Examples of site surveying software
Convergence
Networking and Security
Convergence technologies and equipment:
Private Branch Exchange (PBX)
Voice over IP (VoIP) devices
End-user telephone connections
Virtual LANs (VLANs)
VLAN hopping
Firewall conflicts
DNS loops
Web 2.0 Technologies
Ajax
Wikis
Blogs
Really Simple Syndication (RSS)
Podcasts
Folksonomy
Greynet Applications
Instant messaging (IM)
Peer-to-peer (P2P) applications
File transfer and the 8.3 naming convention
Securing IM and P2P
Vulnerabilities
with Data at Rest
Data on network drives and in network shares
Data on vulnerable systems
Database data and SQL injection
Security Threats
from Trusted Users
Security breaches due to:
Carelessness
Noncompliance with established security
measures
Following inadequate security policies


Anonymous Downloads
and Indiscriminate Link-Clicking
Poisoned Web sites
Drive-by downloads
Guidelines to help avoid contact with
poisoned Web sites
Lesson 5 Summary
1.1.3: Identify potential risk factors for data security,
including improper authentication
1.2.5: Identify the importance of auditing
1.4.3: Identify specific types of security attacks
1.4.8: Recognize attack incidents

Additional topics:
Security issues associated with wireless network
technologies
Security issues associated with convergence networking
technologies
Security issues associated with Web 2.0 technologies
Additional security issues, including greynet applications,
data at rest, trusted users within an organization,
anonymous downloads and indiscriminate link-clicking
Lesson 6:
General Security Principles
Lesson 6 Objectives
1.3.1: Identify the universal guidelines and
principles of effective network security
1.3.2: Define amortization and chargeback
issues related to network security
architectures
1.3.3: Use universal guidelines to create
effective specific solutions
Common
Security Principles
Be paranoid
Have a security policy
No system or technique stands alone
Minimize damage
Deploy company-wide enforcement
Provide training
Integrate security strategies
Place equipment according to needs
Identify security business issues
Consider physical security
Lesson 6 Summary
1.3.1: Identify the universal guidelines and
principles of effective network security
1.3.2: Define amortization and chargeback
issues related to network security
architectures
1.3.3: Use universal guidelines to create
effective specific solutions
Lesson 7:
Protocol Layers
and Security
Lesson 7 Objectives
1.3.4: Identify potential threats at different
layers of the TCP/IP stack
1.3.7: Secure TCP/IP services, including
HTTP, FTP
1.4.6: Identify routing issues and security
1.4.7: Determine the causes and results of a
denial-of-service (DOS) attack
TCP/IP Security Introduction
TCP/IP protocol stack
TCP/IP and network security
OSI Reference Model Review
Application layer
Presentation layer
Session layer
Transport layer
Network layer
Data link layer
Physical layer
Data Encapsulation
The TCP/IP Stack
and the OSI Reference Model
Link/Network Access Layer
Media that defines this layer:
Fiber
Coaxial cable
Twisted pair
Free space (infrared, short-range wireless,
microwave, satellite)
Network topologies
Network/Internet Layer
Internet Protocol (IP)
Packets are not signed
Packets are not encrypted
Packets can be manipulated easily
Internet Control Message Protocol (ICMP)
ICMP message types
Why block ICMP?
Transport Layer
Transmission Control Protocol (TCP)
The TCP handshake
The TCP header
Establishing a TCP connection:
SYN and ACK
Terminating a TCP connection:
FIN and ACK
User Datagram Protocol (UDP)
Ports
Application Layer
File Transfer Protocol (FTP)
Active FTP
Passive FTP
Hypertext Transfer Protocol (HTTP)
Telnet
Simple Network Management Protocol
(SNMP)
Domain Name System (DNS)
Additional application layer protocols
Protocol Analyzers
Monitor network traffic to identify network trends
Identify network problems and send alert messages
Identify specific problems
Test network connections, devices and cables
Lesson 7 Summary
1.3.4: Identify potential threats at different layers of the TCP/IP stack
1.3.7: Secure TCP/IP services, including HTTP, FTP
1.4.6: Identify routing issues and security
1.4.7: Determine the causes and results of a denial-of-service (DOS) attack
Lesson 8:
Securing Resources
Lesson 8 Objectives
1.3.5: Consistently apply security principles
1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks
1.3.7: Secure TCP/IP services, including HTTP, FTP
1.3.8: Identify the significance of testing and evaluating systems and services
1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools
1.4.7: Determine the causes and results of a denial-of-service (DOS) attack
TCP/IP Security Vulnerabilities
Internet Protocol version 4 (IPv4)
Internet Protocol version 6 (IPv6)
Determining which IP version to implement
Implementing Security
Publish the security policy
Categorize resources and needs
Secure each resource and service
Log, test and evaluate
Repeat the process and keep current
Resources and Services
Protecting services
Protect against profiling
Coordinate methods and techniques
Protect services by changing default settings
Remove unnecessary services
Protecting TCP/IP Services
Specialized accounts
The Web Server
CGI scripts
CGI and programming
Securing Apache2
FTP servers
Access control
Simple Mail Transfer Protocol (SMTP)
The Internet Worm
Buffer overflows
The Melissa virus
Access control for e-mail
E-mail and virus scanning
Physical Security
Protecting the network against common physical attacks
Ensuring access control
Securing wireless cells
Shielding network equipment
Securing removable media
Controlling the environment
Fire detection and suppression
Testing Systems
Testing existing systems
Implementing a new system or testing a new security setting
Security Testing Software
Specific tools
Network scanners
Operating system add-ons
Logging and log analysis tools
Security and Repetition
Understanding the latest exploits
Continually improve and test your security system
Lesson 8 Summary
1.3.5: Consistently apply security principles
1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks
1.3.7: Secure TCP/IP services, including HTTP, FTP
1.3.8: Identify the significance of testing and evaluating systems and services
1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools
1.4.7: Determine the causes and results of a denial-of-service (DOS) attack
Lesson 9:
Firewalls and Virtual Private Networks
Lesson 9 Objectives
1.1.3: Identify potential risk factors for data security, including improper authentication
1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)
1.4.2: Define IPSec concepts
1.4.6: Identify routing issues and security
1.5.1: Define the purpose and function of various firewall types
1.5.2: Define the role a firewall plays in a company's security policy
1.5.3: Define common firewall terms
1.5.4: Identify packet filters and their features
1.5.5: Identify circuit-level gateways and their features
Lesson 9 Objectives (cont'd)
1.5.6: Identify application-level gateways and their features
1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection
1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security
1.5.9: Define the importance of proxy caching related to performance
1.6.1: Implement a packet-filtering firewall
1.6.2: Customize your network to manage hacker activity
Definition and Description of a Firewall
Firewall
Demilitarized zone (DMZ)
Daemon
The Role of a Firewall
Implement a company's security policy
Create a choke point
Log Internet activity
Limit network host exposure
Firewall Terminology
Packet filter
Proxy server
Application-layer proxy
Circuit-level proxy
Network Address Translation (NAT)
Bastion host
Operating system hardening
Screening and choke routers
Demilitarized zone (DMZ)
Web security gateway
Firewall Configuration Defaults
By default, a firewall can be configured to either:
Deny all traffic, in which case you would specify certain types of traffic to allow in and out of your network
Allow all traffic, in which case you would specify certain types of traffic to deny
Creating Packet Filter Rules
Process
Rules and fields
Standard FTP clients and creating packet filter rules
Passive FTP clients and packet filter rules
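The two default policies from the Firewall Configuration Defaults slide, and the standard (active) versus passive FTP cases this slide raises, worked through as an added Python example. It is not CIW courseware code: the 10.0.0.0/24 network, the external hosts and every packet are constructed sample data, and the Packet, Rule and PacketFilter names are this example's own. Each rule has the fields a packet filter checks (direction, protocol, source, destination, ports) and the first matching rule wins; anything unmatched falls to the default policy.

```python
"""Added example (not CIW courseware): a stateless packet filter evaluated
under the two default policies, deny-all-then-allow and allow-all-then-deny.
Network 10.0.0.0/24, the external hosts and every packet below are
constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Packet:
    label: str
    direction: str            # "in" = arriving from the Internet, "out" = leaving the LAN
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    syn_only: bool = False    # TCP SYN without ACK: the first packet of a new connection


@dataclass(frozen=True)
class Rule:
    """Fields left as None match anything (a wildcard)."""
    action: str                       # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None         # host address or CIDR prefix
    dst: Optional[str] = None
    sport: Optional[range] = None
    dport: Optional[range] = None
    established_only: bool = False    # skip SYN-only packets, so only replies to
                                      # connections opened from the inside match

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and p.direction != self.direction:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.sport is not None and p.sport not in self.sport:
            return False
        if self.dport is not None and p.dport not in self.dport:
            return False
        if self.established_only and p.syn_only:
            return False
        return True


class PacketFilter:
    """First matching rule wins; the default policy decides everything else."""
    def __init__(self, rules: Iterable[Rule], default: str):
        if default not in ("allow", "deny"):
            raise ValueError("default policy must be 'allow' or 'deny'")
        self.rules: List[Rule] = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default

    def evaluate(self, packets: Iterable[Packet]) -> Dict[str, str]:
        return {p.label: self.decide(p) for p in packets}


LAN = "10.0.0.0/24"
HIGH_PORTS = range(1024, 65536)

# Deny everything, then allow only what is needed: outbound HTTPS and FTP
# control, outbound connections to high ports (passive FTP data), and
# inbound packets that are replies to those connections.
DEFAULT_DENY = PacketFilter(default="deny", rules=[
    Rule("allow", direction="out", proto="tcp", src=LAN, dport=range(443, 444)),
    Rule("allow", direction="out", proto="tcp", src=LAN, dport=range(21, 22)),
    Rule("allow", direction="out", proto="tcp", src=LAN, dport=HIGH_PORTS),
    Rule("allow", direction="in", proto="tcp", dst=LAN, dport=HIGH_PORTS, established_only=True),
])

# Allow everything, then deny only the services someone remembered to list.
DEFAULT_ALLOW = PacketFilter(default="allow", rules=[
    Rule("deny", direction="in", proto="tcp", dport=range(23, 24)),   # telnet
    Rule("deny", direction="in", proto="tcp", dport=range(21, 22)),   # FTP control
])

SAMPLE_PACKETS = [
    Packet("https_out", "out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443, syn_only=True),
    Packet("https_reply", "in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000),
    Packet("ftp_control_out", "out", "tcp", "10.0.0.5", 51001, "203.0.113.20", 21, syn_only=True),
    # Active FTP: the server opens the data connection back to the client.
    Packet("active_ftp_data_in", "in", "tcp", "203.0.113.20", 20, "10.0.0.5", 51002, syn_only=True),
    # Passive FTP: the client opens the data connection to a server high port.
    Packet("passive_ftp_data_out", "out", "tcp", "10.0.0.5", 51003, "203.0.113.20", 50123, syn_only=True),
    Packet("telnet_in", "in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 23, syn_only=True),
    Packet("rdp_in", "in", "tcp", "198.51.100.7", 40001, "10.0.0.5", 3389, syn_only=True),
]


def compare_policies() -> Dict[str, Dict[str, str]]:
    return {"default_deny": DEFAULT_DENY.evaluate(SAMPLE_PACKETS),
            "default_allow": DEFAULT_ALLOW.evaluate(SAMPLE_PACKETS)}


if __name__ == "__main__":
    for name, verdicts in compare_policies().items():
        print(name)
        for label, verdict in verdicts.items():
            print(f"  {label:22} {verdict}")
```

Under the deny-all default the inbound SYN from the server's port 20 (the active FTP data connection) is dropped, because no rule opens inbound new connections; that is why standard FTP clients break behind such a filter and passive FTP is the usual answer. Under the allow-all default the same filter passes that SYN and also the unlisted inbound RDP probe, which is the exposure a default-allow policy carries. The established_only flag stands in for what a stateless filter can do with the ACK bit; stateful multi-layer inspection, covered on the next slide, tracks connections instead of guessing from flags.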
Packet Filter Advantages and Disadvantages
Drawbacks
Stateful multi-layer inspection
Popular packet-filtering products
Using the ipchains and iptables commands in Linux
Configuring Proxy Servers
Recommending a proxy-oriented firewall
Proxy server advantages and features
Authentication
Logging and alarming
Caching
Fewer rules
Reverse proxies and proxy arrays
Proxy server drawbacks
Client configuration
Speed
URL Filtering
Techniques to filter outbound URLs
Techniques to filter inbound URLs
Remote Access and Virtual Private Networks (VPNs)
Three types of VPNs:
Workstation-to-server
Firewall-to-firewall
Workstation-to-workstation
Tunneling protocols
Internet Protocol Security (IPsec)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
VPN vulnerabilities
Public Key Infrastructure (PKI)
PKI standards
Based on X.509 standard
PKI terminology
Certificates
Lesson 9 Summary
1.1.3: Identify potential risk factors for data security, including improper authentication
1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)
1.4.2: Define IPSec concepts
1.4.6: Identify routing issues and security
1.5.1: Define the purpose and function of various firewall types
1.5.2: Define the role a firewall plays in a company's security policy
1.5.3: Define common firewall terms
1.5.4: Identify packet filters and their features
1.5.5: Identify circuit-level gateways and their features
Lesson 9 Summary (cont'd)
1.5.6: Identify application-level gateways and their features
1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection
1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security
1.5.9: Define the importance of proxy caching related to performance
1.6.1: Implement a packet-filtering firewall
1.6.2: Customize your network to manage hacker activity
Lesson 10:
Levels of Firewall Protection
Lesson 10 Objectives
1.4.6: Identify routing issues and security
1.5.1: Define the purpose and function of various firewall types
1.5.3: Define common firewall terms
1.6.1: Implement a packet-filtering firewall
1.6.2: Customize your network to manage hacker activity
Designing a Firewall
Firewall design principles
Keep design simple
Make contingency plans
Types of Bastion Hosts
Single-homed bastion host
Dual-homed bastion host
Triple-homed bastion host
Internal bastion hosts
Hardware Issues
Choosing the operating system
Firewall appliances
Services
Daemons
Proxy servers
Common Firewall Designs
Screening routers
Screened host firewall (single-homed bastion)
Screened host firewall (dual-homed bastion)
Screened subnet firewall (demilitarized zone)
Modern Firewall Design
Lesson 10 Summary
1.4.6: Identify routing issues and security
1.5.1: Define the purpose and function of various firewall types
1.5.3: Define common firewall terms
1.6.1: Implement a packet-filtering firewall
1.6.2: Customize your network to manage hacker activity
Lesson 11:
Detecting and Distracting Hackers
Lesson 11 Objectives
1.6.2: Customize your network to manage hacker activity
1.6.3: Implement proactive detection
1.6.4: Distract hackers and contain their activity
1.6.5: Deploy tripwires and other traps on a network host
Proactive Detection
Automated security scans
Login scripts
Automated auditing
Distracting the Hacker
Dummy accounts
Dummy files
Dummy password files
Tripwire scripts
Automated checksums
Jails

Deterring the Hacker
Methods for deterring hackers
Log traffic and send e-mail messages
Conduct reverse scans
Drop the connection
Contact the ISP
Tools for responding to hackers
Problems with retaliation
Lesson 11 Summary
1.6.2: Customize your network to manage hacker activity
1.6.3: Implement proactive detection
1.6.4: Distract hackers and contain their activity
1.6.5: Deploy tripwires and other traps on a network host
Lesson 12:
Incident Response
Lesson 12 Objectives
1.6.6: Respond appropriately to a security breach
1.6.7: Identify security organizations that can help in case of system attack
1.6.8: Subscribe to respected security alerting organizations
1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks
Creating an Incident Response Policy
Decide ahead of time
Do not panic
Document everything
Determining if an Attack Has Occurred
Determine the scope of the breach
Find out if the hacker is at:
Stage 1 (discovery)
Stage 2 (penetration)
Stage 3 (control, and spreading to other systems)
Stop or contain activity
Executing the Response Plan
Notifying affected individuals
Breaking the link or creating a jail
Notifying appropriate authorities
Contacting the hackers
Tracing connections and conducting other checks to further map the hacker's activity
Reconfiguring the firewall
Notifying Internet agencies
Analyzing and Learning
Ask questions of everyone involved
Record specific lessons you have learned
Update your security policy
Lesson 12 Summary
1.6.6: Respond appropriately to a security breach
1.6.7: Identify security organizations that can help in case of system attack
1.6.8: Subscribe to respected security alerting organizations
1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks
Web Security Associate
What Is Security?
Elements of Security
Applied Encryption
Types of Attacks
Recent Networking Vulnerability Considerations
General Security Principles
Protocol Layers and Security
Securing Resources
Firewalls and Virtual Private Networks
Levels of Firewall Protection
Detecting and Distracting Hackers
Incident Response