Q 1-3 Chapter 1
Q 4 Chapter 2
Q 5-6 Chapter 3
Q 7-8 Chapter 4
Q 9-10 Chapter 5
Q 11-13 Chapter 6
Q 14 Chapter 7
Q 15 Chapter 8
Q 16 Chapter 9
Q 17-18 Chapter 10
Q 19 Chapter 11
Q 20 Chapter 13
Q 21-22 Chapter 14
Name______________________________________________________
1. Briefly list two predominant reasons for the difficulty in
defending against IT-related attacks.
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________
2. List two of the larger cyber terrorism targets. Why are they
targets and for what?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________
3. To justify your large IT budget, you quote to the CFO that
what percentage of attacks often happen from within an
organization:___________
4. Phishing: malware or social engineering? Why?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________
5. List 3 good defenses against web application attacks?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
___
6. What is a Denial of Service attack, and what does an end
user experience when one occurs?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
7. What is a vulnerability scan?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________
8. Your CFO asks what $10,000 for “Penetration Testing” is for.
You say:
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
9. List two physical security measures for devices (whether large or small).
_____________________________________________________
_____________________________________________________
_____________________________________________________
__________________________________________
10. Of the 4 major ways to secure an OS, list two
_____________________________________________________
_____________________________________________________
_____________________________________________________
__________________________________________
11. In the principle behind setting up reverse proxy servers,
what is hidden from the outside world and potential attack?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
12. What is a DMZ, and what is a good use of one?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
13. VLANs: explain why they are a useful security tool.
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
___
14. What is a good port security technique?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
___
15. Wireless Access Point Security. How would you
demonstrate to your leadership that you’ve made good attempts
to secure access to them? List 2 methods.
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_______________________________
16. What is the relationship between Active Directory and
Group Policy in the Windows world?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
17. Why would a hacker use a rainbow table?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
18. Biometric authentication: foolproof, Y or N? Why?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
19. Encryption of a hard disk is possible via what methods
(hardware, software, or both)?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
___
20. This is an IT security class; what about business
continuance is important?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
21. Privileges – Once set, they usually do not change. T or F?
Why?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
22. Acceptable Use Policy. It’s usually part of a more
comprehensive security policy. What is it used for?
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_____________________________________________________
_________________
22 questions at 4.54 points apiece. Partial credit given.
Security+ Guide to Network Security Fundamentals,
Fourth Edition
Chapter 14
Risk Mitigation
Introduction
Risk
Concept at the heart of information security
Multifaceted approach to information security
Control risk through different management techniques
Develop a security policy
User awareness and training
Controlling Risk
Privilege
Subject’s access level over an object, such as a file
Privilege management
Process of assigning and revoking privileges to objects
Privilege auditing
Periodically reviewing a subject’s privileges over an object
Objective: determine if subject has the correct privileges
Controlling Risk (cont’d.)
Change management
Methodology for making modifications and keeping track of
changes
Ensures proper documentation of changes so future changes
have less chance of creating a vulnerability
Involves all types of changes to information systems
Two major types of changes that need proper documentation
Changes to system architecture
Changes to file or document classification
Controlling Risk (cont’d.)
Change management team (CMT)
Body responsible for overseeing the changes
Composed of representatives from all areas of IT, network
security, and upper management
Proposed changes must first be approved by CMT
Incident management
Response to an unauthorized incident
Components required to identify, analyze, and contain an
incident
MEDITECH Change Control
Reducing Risk Through Policies
Security policy
Another means of reducing risks
Important considerations regarding security policies
Understanding what it is
Knowing how to balance trust and control
Understanding the process for designing a policy
Knowing what the different types of policies are
What Is a Security Policy?
Document that outlines protections to ensure organization’s
assets face minimal risks
Higher level definition
Set of management statements that define organization’s
philosophy of how to safeguard information
Lower level definition
Rules for computer access and how the rules are carried out
What Is a Security Policy? (cont’d.)
Security policy functions
Documents management’s overall intention and direction
Details specific risks and how to address them
Provides controls to direct employee behavior
Helps create a security-aware organizational culture
Helps ensure employee behavior is directed and monitored
Designing a Security Policy (cont’d.)
Characteristics of a policy
Communicates a consensus of judgment
Defines appropriate user behavior
Identifies needed tools and procedures
Provides directives for Human Resource action in response to
inappropriate behavior
Helps if necessary to prosecute violators
Consult with outside experts
Figure 14-2 Security policy cycle
© Cengage Learning 2012
Designing a Security Policy (cont’d.)
Security policy design should be the work of a team
Development team representatives
Senior level administrator
Member of management who can enforce the policy
Member of the legal staff
Representative from the user community
Team should first decide on policy goals and scope
Also how specific the policy should be;
Servers, endpoints, entry points…
Designing a Security Policy (cont’d.)
Policy development guidelines
Notify users in advance of development of and reasons for a
new security policy
Provide affected users an opportunity to review and comment on
policy prior to deployment
Give users with responsibility the authority to carry out their
responsibilities
Types of Security Policies (cont’d.)
Acceptable use policy
Policy that defines actions users may perform while accessing
systems
Users include employees, vendors, contractors, and visitors
Typically covers all computer use
Generally considered most important information security
policy
Example
Types of Security Policies (cont’d.)
Security-related human resource policy (cont’d.)
May include statements regarding due process and/or due
diligence
May include statements regarding actions to be taken when
employee is terminated
Password management and complexity policy
Addresses how passwords are created and managed
Reminds users of differences between strong and weak
passwords
Types of Security Policies (cont’d.)
Disposal and destruction policy
Addresses disposal of confidential resources
Describes how to dispose of equipment, records, and data
Classification of information policy
Designed to produce standardized framework for classifying
information assets
Generally involves creating classification categories
Example: high, medium, low
Types of Security Policies (cont’d.)
An organization does not set an employee’s values
Does set ethical behavior standards
Ethics policy
Written code of conduct
Guides employees in decision making
Serves as a communication tool to reflect organization’s
commitments
Awareness and Training
Providing users with security awareness training
Key defense in information security
Awareness and training topics
Compliance
Secure user practices
Awareness of threats
Threat Awareness
Social networking
Grouping individuals based on some sort of affiliation
Can be physical or online
Web sites that facilitate social networking are called social
networking sites
Increasingly becoming prime targets of attacks
Reasons social networking sites are popular with attackers
Lots of personal data is available
Threat Awareness (cont’d.)
Reasons social networking sites are popular with attackers
(cont’d.)
Users are generally trusting
Sites are vulnerable
Security tips for using social networking sites
Consider carefully who is accepted as a friend
Show limited friends a reduced version of your profile
Disable options and reopen only as necessary
Training Techniques
Opportunities for security education and training
When new employee is hired
After computer attack has occurred
When employee promoted
During annual department retreat
When new user software is installed
When user hardware is upgraded
Summary
Security policies are often broken into subpolicies
Acceptable use policy
Privacy policy
Password management and complexity policy
Disposal and destruction policy
Classification of information policy
Ongoing awareness training provides users with knowledge and
skills necessary to support information security
Security+ Guide to Network Security Fundamentals,
Fourth Edition
Chapter 10
Authentication and Account Management
Authentication Credentials
Types of authentication credentials
What you have
Example: key fob to lock your car
What you are
Example: facial characteristics recognized by health club
attendant
What you know
Example: combination to health club locker
What You Know: Passwords
Passwords are most common type of authentication today
Passwords provide only weak protection
Users must remember passwords for many different accounts
Security policies mandate passwords must expire
Create your own in corporate environments
Now require strong security
Attacks on Passwords
Social engineering
Phishing, shoulder surfing, dumpster diving
Capturing
Keylogger, protocol analyzer
Man-in-the-middle and replay attacks
Resetting
Attacker gains physical access to computer and resets password
Online guessing
Not really practical
Attacks on Passwords (cont’d.)
Offline cracking
Method used by most password attacks today
Attackers steal file with encrypted password
Compare with encrypted passwords they have created
Offline cracking types
Brute force
Every possible combination of letters, numbers, and characters
used to create encrypted passwords and matched against stolen
file
Slowest, most thorough method
Passwords Defense – Not So Much
Common Mutations
capitalizing the first letter of a word;
checking all combinations of upper/lowercase for words;
inserting a number randomly in the word;
putting numbers on the ends of words;
putting numbers on the beginning of words;
putting the same pattern at both ends, like *foobar*;
replacing letters like "o" and "l" with numbers like "0" and "1";
punctuating the end of words;
duplicating the first letter, or all letters in the word;
combining two words together; and
putting punctuation or space between the words.
Dark Reading “How Hackers Will Crack Your Password” –
Robert Graham
Attacks on Passwords (cont’d.)
Figure 10-2 Dictionary attack
© Cengage Learning 2012
Attacks on Passwords (cont’d.)
Hybrid attack
Slightly alter dictionary words
Adding numbers to the end of the password
Spelling words backward
Slightly misspelling words
Including special characters
Rainbow tables
Enable malicious hackers to break the encryption protecting
password files
Large pre-generated data set of encrypted passwords
Essentially, it is the saved output of a brute-force run, so the work is done once and reused
Program runs through dictionary and creates a master list of
hashes for comparison
Attacks on Passwords (cont’d.)
Using the table to crack a password (cont’d.)
Repeat, starting with this initial password until original
encryption is found
Password used at last iteration is the cracked password
Rainbow table advantages over other attack methods
Can be used repeatedly
Faster than dictionary attacks
Less machine memory needed
Requires hundreds of GB of storage space
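The table described above only works because an unsalted hash of a given password is the same in every password file. The added example below (not code from the textbook or slides) builds the "master list of hashes" over a small constructed word list, shows that a bare SHA-1 digest is found in it immediately, and then shows why a per-user random salt plus a slow key-derivation function (PBKDF2-HMAC-SHA256 here, an assumed choice) defeats it: the stolen digest matches nothing in the table, and a table covering every salt would have to be astronomically larger. The word list and the 600,000-iteration default are constructed values for illustration; the slides call these digests "encrypted passwords".

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the dictionary the attacker's program runs through
WORDS = ["password", "letmein", "welcome", "dragon", "monkey", "summer"]


def build_hash_table(words):
    """The 'master list of hashes': digest -> plaintext, computed once and reused."""
    return {hashlib.sha1(w.encode()).hexdigest(): w for w in words}


def store_unsalted(password):
    """Weak storage: a bare digest, identical for every user who picks this password."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_salted(password, salt=None, iterations=600_000):
    """Stronger storage: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    Returns (salt_hex, iterations, digest_hex) as it would sit in the account record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), iterations, digest.hex()


def verify_salted(password, record):
    """Login-time check: recompute with the stored salt and compare in constant time."""
    salt_hex, iterations, digest_hex = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def table_lookup(table, stored_digest):
    """What the precomputed table yields for a digest taken from a stolen password file."""
    return table.get(stored_digest)


def table_entries_needed(word_count, salt_bytes):
    """A table that must cover every possible salt grows by a factor of 2**(8*salt_bytes)."""
    return word_count * 2 ** (8 * salt_bytes)


if __name__ == "__main__":
    table = build_hash_table(WORDS)
    print("unsalted 'dragon' ->", table_lookup(table, store_unsalted("dragon")))
    record = store_salted("dragon")
    print("salted 'dragon'   ->", table_lookup(table, record[2]))
    print("verify works      ->", verify_salted("dragon", record))
    print("entries for a 16-byte salt:", table_entries_needed(len(WORDS), 16))
```

Two users with the same password get different salted digests, so even a table built for one salt helps against nobody else; the iteration count is what turns "faster than dictionary attacks" into seconds per guess for the attacker while costing the login server a fraction of a second.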
Attacks on Passwords (cont’d.)
Rainbow table
Password Defenses (cont’d.)
Attack program method (cont’d.)
Combines common passwords with common suffixes
Uses 5000 common dictionary words, 10,000 names, 100,000
comprehensive dictionary words
Uses lowercase, initial uppercase, all uppercase, and final
character uppercase
Makes common substitutions for letters in the dictionary words
Examples: $ for s, @ for a
Password Defenses (cont’d.)
General observations to create strong passwords
Do not use dictionary words or phonetic words
Do not use birthdays, family member or pet names, addresses or
any personal information
Do not repeat characters or use sequences
Do not use short passwords
Use combinations of letters, case, numbers and symbols
Ideally a phrase or more than one word
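The mutation list under "Passwords Defense – Not So Much" and the attack-program method above are the same list read from the defender's side: a checker that undoes those mutations before a dictionary lookup will reject the passwords the attack program tries first. The added example below (not code from the textbook or slides) implements the guidelines on this slide: it normalises case, strips digits and punctuation glued to either end, reverses the $/@/0/1-style substitutions, and also catches reversed words, doubled letters and two joined words before looking the result up; it then checks length, character-class mix and repeated or sequential runs. The ten-word dictionary and the twelve-character minimum are constructed values standing in for a real word list and a real policy.

```python
import re

# Constructed mini word list standing in for the thousands of common words a real checker loads
DICTIONARY = {"password", "letmein", "welcome", "dragon", "monkey", "summer",
              "secret", "admin", "sunshine", "football"}

# Letter-for-symbol swaps attackers try ($ for s, @ for a, 0 for o, 1 for l, ...)
SUBSTITUTIONS = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
                 "$": "s", "@": "a", "!": "i"}


def _subst(s):
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in s)


def _strip(s):
    # Drop digits/punctuation glued to the front or back ("1dragon", "summer2019!", "*foobar*")
    return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", s)


def dictionary_hit(candidate):
    """Return the dictionary word(s) the candidate is built from, or None.

    Reverses the mutations a hybrid attack applies (case, prefix/suffix digits,
    symbol substitution, reversal, doubled letters, two joined words) so that
    'P@ssw0rd1' is recognised as 'password'."""
    s = candidate.lower()
    variants = []
    for v in (_subst(_strip(s)), _strip(s), _strip(_subst(s)), _subst(s), s):
        if v and v not in variants:
            variants.append(v)
    for v in variants:
        if v in DICTIONARY:
            return v
        if v[::-1] in DICTIONARY:                       # spelled backward
            return v[::-1]
        if v[1:] in DICTIONARY:                         # first letter doubled
            return v[1:]
        if len(v) % 2 == 0 and v[::2] == v[1::2] and v[::2] in DICTIONARY:
            return v[::2]                               # every letter doubled
        for i in range(1, len(v)):                      # two words, optional separator
            a, b = v[:i], v[i:].lstrip(" -_.")
            if a in DICTIONARY and b in DICTIONARY:
                return f"{a}+{b}"
    return None


def has_run(pw, length=4):
    """True if pw contains `length` identical or consecutive characters (aaaa, 1234, dcba)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - length + 1):
        window = codes[i:i + length]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw, min_len=12):
    """Apply the slide's guidelines; returns a list of problems (empty means acceptable)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    if classes < 3:
        problems.append("uses fewer than three of: lowercase, uppercase, digits, symbols")
    if has_run(pw):
        problems.append("contains a repeated or sequential run of characters")
    hit = dictionary_hit(pw)
    if hit:
        problems.append(f"is a predictable mutation of '{hit}'")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Summer2019!", "secret-monkey", "Blue!Kettle9Sings"):
        print(pw, "->", check_password(pw) or "acceptable")
```

The normalisation is the important part: a length-and-classes rule alone rates "P@ssw0rd1" as strong, while the attack program on the earlier slide reaches it within its first few substitution passes.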
Corporate Example
Password Defenses (cont’d.)
Other guidelines
Use non-keyboard characters
Created by holding down ALT key while typing a number on the
numeric keypad
Password supplements
Problem: managing numerous strong passwords is burdensome
for users
One solution: rely on technology to store and manage passwords
Recall single sign on solutions
Password Defenses (cont’d.)
Managing passwords (cont’d.)
Defenses against password file theft
Do not leave computer unattended
Screensavers should be set to resume with a password – same as
cellphone
Password protect the ROM BIOS
Enter the BIOS configuration when starting PC. Press the
prompted key; often, it's an F-Key, Delete, or ESC. Navigate
with the arrow keys, select with Enter, and back out with ESC.
Different BIOS interfaces vary, but look for the security
settings.
Password Defenses (cont’d.)
Managing passwords (cont’d.)
Password Defenses (cont’d.)
Good password management practices (cont’d.)
Physically lock the computer case so it cannot be opened
Never write password down
Use unique passwords for each account
Set up temporary password for another user’s access
Do not allow computer to automatically sign in to an account
Do not enter passwords on public access computers
Never enter a password while connected to an unencrypted
wireless network
Windows character map
From Start, type in “character map”
Use these characters for additional security
Password Defenses (cont’d.)
Password supplements (cont’d.)
Browsers contain function that allows user to save passwords
AutoComplete Password in IE
Encrypted and stored in Windows registry
Disadvantages of password supplements
Password information specific to one computer
Passwords vulnerable if another user allowed access to the
computer
What You Have: Tokens and Cards
Tokens
Small devices or an app with a window display
Synched with an authentication server
Code is generated from an algorithm
Code changes every 30 to 60 seconds
What You Have: Tokens and Cards (cont’d.)
User login steps with a token
User enters username and code from token
Authentication server looks up algorithm associated with that
user, generates its own code, and compares it to user’s code
If a match, user is authenticated
Advantages over passwords
Token code changes frequently
Attacker would have to crack code within time limit
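The login steps above are exactly what a time-based one-time-password token does, and both sides can be shown in a few lines. The added example below (not code from the textbook or slides) implements the standard HOTP/TOTP algorithms (RFC 4226 and RFC 6238, an assumed concrete instance of the "algorithm" the slide refers to): the token computes a six-digit code from a shared secret and the current 30-second interval, and the server regenerates it from the same secret, allows one interval of clock drift, and refuses to accept any code a second time, which is the "crack it within the time limit" property in practice. The secret, user name and timestamps are constructed test values.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 TOTP: the counter is the number of `step`-second intervals since the epoch.
    This is what the token (device or app) computes and displays."""
    return hotp(secret, int(at_time) // step, digits)


class TokenAuthServer:
    """Server side of the login: regenerates the code from the user's shared secret."""

    def __init__(self, step=30, window=1):
        self.step = step
        self.window = window      # accept codes one interval either side (clock drift)
        self.secrets = {}         # username -> secret shared at enrolment
        self.last_step = {}       # username -> last accepted interval (replay guard)

    def enroll(self, user, secret):
        self.secrets[user] = secret

    def login(self, user, code, now):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        current = int(now) // self.step
        for step_no in range(current - self.window, current + self.window + 1):
            if step_no <= self.last_step.get(user, -1):
                continue          # that interval's code was already accepted once
            if hmac.compare_digest(hotp(secret, step_no), code):
                self.last_step[user] = step_no
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"       # constructed; RFC 4226 test-vector key
    server = TokenAuthServer()
    server.enroll("alice", secret)
    now = time.time()
    shown = totp(secret, now)              # what the token displays
    print("token shows", shown)
    print("first login", server.login("alice", shown, now))
    print("replay     ", server.login("alice", shown, now))
```

Because the server stores the last interval it accepted, a captured code is useless even inside its 30-second lifetime, which is the advantage the next slide draws over a static password.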
Figure 10-5 Code generation and comparison
© Cengage Learning 2012
What You Have: Tokens and Cards (cont’d.)
Advantages over passwords (cont’d.)
User may not know if password has been stolen
If token is stolen, it becomes obvious
Steps could be taken to disable account
Token system variations
Some systems use token code only
Others use code in conjunction with password
Some combine PIN with token code
Sharing token card
What You Have: Tokens and Cards (cont’d.)
Cards
Smart card contains integrated circuit chip that holds
information
Contact pad allows electronic access to chip contents
Contactless cards
Require no physical access to the card
Common access card (CAC)
Issued by US Department of Defense
Bar code, magnetic strip, and bearer’s picture
Figure 10-6 Smart card
© Cengage Learning 2012
EMV Chip Cards
EMV - Europay, Mastercard and Visa
Global standard for cards equipped with computer chips and the
technology used to authenticate chip-card transactions
Every time an EMV card is used for payment, the card chip
creates a unique transaction code that cannot be used again
A stolen transaction number cannot be used again
In March 2017, chip-enabled merchants saw a 58 percent drop
in counterfeit fraud compared to a year earlier, according to
Visa
How they are made link here
What You Are: Biometrics
Standard biometrics
Uses person’s unique physical characteristics for authentication
Fingerprint scanners most common type
Face, hand, or eye characteristics also used
Fingerprint scanner types
Static fingerprint scanner
Takes picture and compares with image on file
Dynamic fingerprint scanner
Uses small slit or opening
Coming to Credit Cards
What You Are: Biometrics (cont’d.)
Disadvantages of standard biometrics
Cost of hardware scanning devices
Readers have some amount of error
Reject authorized users – false positive
Accept unauthorized users – false negative
Mobile Offender Recognition and Information System, or
MORIS, is made by BI2 Technologies in Plymouth,
Massachusetts
Police Force use on iPhone/Android
What You Are: Biometrics (cont’d.)
Behavioral biometrics
Authenticates by normal actions the user performs
Keystroke dynamics
Dwell time (technique in use since WWII)
Voice recognition
Computer footprinting
Relies on typical access patterns
Geographic location
Time of day
Internet service provider
Basic PC configuration
What You Are: Biometrics (cont’d.)
Cognitive biometrics
Relates to perception, thought process, and understanding of the
user
Easier for user to remember because it is based on user’s life
experiences
Difficult for an attacker to imitate
Example: identifying specific faces
Example: user selects memorable lifetime events and is asked
for details about them
Predicted to become a key element of authentication in the
future
Windows Live ID
Introduced in 1999 as .NET passport
Name changed to Microsoft Passport Network, then Windows
Live ID (Live, Office Live, Xbox Live, MSN)
Designed as an SSO for Web commerce
Authentication process
User enters username and password
User given time limited “global” cookie stored on computer
with encrypted ID tag
ID tag sent to Web site
OpenID
Decentralized open source Federated Identity Management (FIM
– networks owned by different sources)
Does not require specific software to be installed on the desktop
URL-based identity system
OpenID provides a means to prove a user owns the URL
Authentication process
User goes to a free site and is given an OpenID account such as
Me.myopenID.com
Not considered strong enough for most banking and e-commerce
Web sites
Open Authorization (OAuth)
Permits users to share resources stored on one site with a
second site
Without forwarding authentication credentials
Allows seamless data sharing among sites
Relies on token credentials
Replaces need to transfer user’s username and password
Tokens are for specific resources on a site
For a limited time period
Usage in Healthcare
Account Management
Managing user account passwords
Can be done by setting password rules
Too cumbersome to manage on a user-by-user basis
Security risk if one user setting is overlooked
Preferred approach: assign privileges by group
Microsoft Windows group password settings
Password Policy Settings
Account Lockout Policy
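The Account Lockout Policy settings are what make the "online guessing: not really practical" remark on the earlier slide true, and the rule is small enough to model directly. The added example below (not code from the textbook or slides, and not a Windows API) models the three lockout settings, a threshold of bad attempts, the window over which they are counted and the lockout duration, as a small state machine, and works out the upper bound on guesses an attacker can make against one account per day under those settings. The default values (5 attempts, 10-minute window, 15-minute lockout) are assumed illustrative values, not a recommendation.

```python
from collections import deque


class AccountLockoutPolicy:
    """Models an account lockout policy (assumed values; set them from your own policy):
    threshold = bad attempts allowed, window = seconds over which they are counted,
    duration = seconds the account stays locked once the threshold is reached."""

    def __init__(self, threshold=5, window=600, duration=900):
        self.threshold, self.window, self.duration = threshold, window, duration
        self.failures = {}      # user -> deque of failure timestamps still inside the window
        self.locked_until = {}  # user -> time at which the lock expires

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record_attempt(self, user, success, now):
        """Returns "ok", "denied" (wrong password) or "locked" (no credential accepted)."""
        if self.is_locked(user, now):
            return "locked"
        if success:
            self.failures.pop(user, None)   # a good login clears the bad-attempt counter
            return "ok"
        q = self.failures.setdefault(user, deque())
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                     # forget attempts older than the window
        if len(q) >= self.threshold:
            self.locked_until[user] = now + self.duration
            self.failures.pop(user, None)
            return "locked"
        return "denied"


def guesses_per_day(policy):
    """Upper bound on online guesses against one account in 24 hours: the attacker
    spends the threshold, waits out the lockout, and repeats."""
    return int(86400 / policy.duration) * policy.threshold


if __name__ == "__main__":
    policy = AccountLockoutPolicy()
    for t in range(6):                      # constructed burst of bad passwords
        print(t, policy.record_attempt("alice", False, t))
    print("guesses per day with defaults:", guesses_per_day(policy))
```

Compare the few hundred guesses per day this allows with the millions per second an offline cracker gets against a stolen hash file, which is why the slides treat offline cracking as the real threat. The caveat a practitioner adds: a lockout policy also lets anyone who knows a user name lock that user out, so the duration is a trade-off with availability, and repeated lockouts should raise an alert rather than be silently absorbed.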
Trusted Operating Systems
Trusted operating system (trusted OS)
OS designed to be secure from the ground up
Can keep attackers from accessing critical parts of the system
Can prevent administrators from inadvertently making harmful
changes
Vendors developing trusted OSs
Focusing on securing OS components and other platform
elements
One approach: compartmentalize services within trusted OS for
individual customers
Trusted Operating Systems (cont’d.)
OS will have been created, developed, designed, tested, and
evaluated to be sure that we can trust what’s happening inside
of that operating system
Rated using an Evaluation Assurance Level (EAL)
Defined by the Common Criteria for Information Technology Security
Evaluation (CC), an international standard
The higher the EAL, the more secure a product might be
Range: EAL1 through EAL7
Average: EAL4
Certification takes months to years
Costs tens to hundreds of thousands of dollars
Security+ Guide to Network Security Fundamentals,
Fourth Edition
Chapter 6
Network Security
Security Through Network Devices
Not all applications designed, written with security in mind
Network must provide protection
Networks with weak security invite attackers
Aspects of building a secure network
Network devices
Network technologies
Design of the network itself
Standard Network Devices
Security features found in network hardware
Provide basic level of security
Open Systems Interconnection (OSI) model
Network devices classified based on function
Standards released in 1978, revised in 1983, still used today
Illustrates:
How network device prepares data for delivery
How data is handled once received
Table 6-1 OSI reference model
Using the seven layers of the OSI model, we can explore more
fully how data can be transferred between two networked
computers
Standard Network Devices
Hubs
Connect multiple Ethernet devices together:
To function as a single network segment
Ignorant of data source and destination
Rarely used today because of inherent security vulnerability
Switches
Can forward frames sent to that specific device or broadcast to
all devices
Use MAC address to identify devices
Provide better security than hubs
Figure 6-1 Port mirroring
© Cengage Learning 2012
Standard Network Devices (cont’d.)
Network administrator should be able to monitor network traffic
Helps identify and troubleshoot network problems
Traffic monitoring methods
Port mirroring
Network tap (test access point)
Sniffer Software
Sniffer Software
Switch Defenses
Use a switch that can close ports with too many MAC addresses
Configure the switch so that only one port can be assigned per
MAC address
Use an ARP detection appliance
Secure the switch in a locked room
Keep network connections secure by restricting physical access
Standard Network Devices
Load balancers
Help evenly distribute work across a network
Allocate requests among multiple devices
Example: port 80 for web (HTTP) traffic
Load Balancing Security
Security advantages of load balancing
Can stop attacks directed at a server or application
Can detect and prevent denial-of-service attacks
Some can deny attackers information about the network
Hide HTTP error pages
Remove server identification headers from HTTP responses
Removing Headers for Server Security
Three response headers are commonly removed for security reasons:
Server - Specifies web server version.
X-Powered-By - Indicates that the website is "powered by
ASP.NET."
X-AspNet-Version - Specifies the version of ASP.NET used.
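An added example (not from the textbook slides) showing the header check a defender would run on a response head and the stripping a load balancer or reverse proxy performs. The sample response, including its version strings, is constructed for the example.

```python
from typing import Dict, List, Tuple

# Response headers that disclose server software or version (the three named above)
IDENTIFYING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Constructed sample response head: a server that leaks all three headers
SAMPLE_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)


def parse_response_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP response head (status line plus headers) into its parts."""
    lines = raw.split("\r\n")
    status_line, headers = lines[0], {}
    for line in lines[1:]:
        if not line:
            break  # the blank line ends the head
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return status_line, headers


def audit_identifying_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Defender's check: which disclosing headers are still present, with values.
    Header names are case-insensitive, so compare in lower case."""
    return {n: v for n, v in headers.items() if n.lower() in IDENTIFYING_HEADERS}


def strip_identifying_headers(headers: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Return the headers to forward and the names that were removed."""
    kept, removed = {}, []
    for name, value in headers.items():
        if name.lower() in IDENTIFYING_HEADERS:
            removed.append(name)
        else:
            kept[name] = value
    return kept, removed


def serialize_head(status_line: str, headers: Dict[str, str]) -> str:
    return status_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers.items()) + "\r\n"


def sanitize_head(raw: str) -> Tuple[str, List[str]]:
    """What the proxy emits for a backend response, plus what it stripped."""
    status_line, headers = parse_response_head(raw)
    kept, removed = strip_identifying_headers(headers)
    return serialize_head(status_line, kept), removed
```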
Source: MSDN blogs
Firewalls
Hardware-based network firewall inspects packets
Looks deeply into packets that carry HTTP traffic (web browsers, FTP)
Can block specific sites or specific known attacks
Can block XSS and SQL injection attacks
Proxy Servers and Reverse Proxy
Proxy server
Computer or application that intercepts and processes user requests
Stronger security: can intercept malware and hide the client system’s IP address
Reverse proxy
Routes incoming requests to the correct internal server
Reverse proxy’s IP address is visible to outside users; internal server’s IP address is hidden
Figure 6-5 Configuring access to proxy servers
Figure 6-6 Reverse proxy
Network Security Hardware (cont’d.)
Spam filters
Enterprise-wide spam filters block spam before it reaches the
host
Email systems use three protocols
Simple Mail Transfer Protocol (SMTP)
Handles outgoing mail
Post Office Protocol (POP)
Handles incoming mail
Internet Message Access Protocol (IMAP)
Handles reading email from many different devices
Network Security Hardware (cont’d.)
Spam filter installed with the SMTP server
Filter configured to listen on port 25
Passes non-spam e-mail to the SMTP server listening on another port
Method prevents the SMTP server from notifying the spammer of failed message delivery
Network Security Hardware (cont’d.)
Virtual private network (VPN)
Uses unsecured network as if it were secure
All data transmitted between remote device and network is
encrypted
Hardware-based VPNs generally have better security
Software-based VPNs have more flexibility in managing network traffic
Network Security Hardware (cont’d.)
Internet content filters
Monitor Internet traffic
Block access to preselected Web sites and files
Unapproved sites identified by URL or matching keywords
Network Security Hardware (cont’d.)
Web security gateways
Can block malicious content in real time
Block content through application level filtering
Examples of blocked Web traffic
ActiveX objects, adware, spyware, peer-to-peer file sharing, script exploits
Network Security Hardware (cont’d.)
Network intrusion detection system (NIDS)
Watches for attacks on the network
NIDS sensors installed on firewalls and routers:
Gather information and report back to central device
Passive NIDS will sound an alarm
Active NIDS will sound alarm and take action
Actions may include filtering out intruder’s IP address or
terminating TCP session
Network Security Hardware (cont’d.)
Network intrusion prevention system (NIPS)
Similar to active NIDS
Monitors network traffic to immediately block a malicious
attack
Demilitarized Zone (DMZ)
Separate network located outside secure network perimeter
Untrusted outside users can access DMZ but not secure network
Figure 6-11 DMZ with one firewall
Subnetting
IP address may be split anywhere within its 32 bits
Network can be divided into three parts
Network
Subnet
Host
Each network can contain several subnets
Each subnet can contain multiple hosts
Improves network security by isolating groups of hosts
Allows administrators to hide internal network layout
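An added example (not from the textbook slides) that works the network/subnet/host split through with Python's standard `ipaddress` module: a /16 network carved into /24 subnets, the three parts of one address, and the isolation check of whether two hosts share a subnet. The 172.16.0.0/16 addresses are constructed sample values.

```python
import ipaddress
from typing import Dict, List


def split_address(ip: str, network_prefix: int, subnet_prefix: int) -> Dict[str, int]:
    """Split a 32-bit IPv4 address into its network, subnet and host parts for a
    /network_prefix network that has been divided into /subnet_prefix subnets."""
    if not 0 <= network_prefix <= subnet_prefix <= 32:
        raise ValueError("need 0 <= network prefix <= subnet prefix <= 32")
    addr = int(ipaddress.IPv4Address(ip))
    subnet_bits = subnet_prefix - network_prefix
    host_bits = 32 - subnet_prefix
    network_part = addr >> (32 - network_prefix) if network_prefix else 0
    subnet_part = (addr >> host_bits) & ((1 << subnet_bits) - 1)
    host_part = addr & ((1 << host_bits) - 1)
    return {
        "network": network_part,
        "subnet": subnet_part,
        "host": host_part,
        "subnet_count": 1 << subnet_bits,
        # network and broadcast addresses are not usable hosts
        "hosts_per_subnet": max((1 << host_bits) - 2, 0),
    }


def subnet_mask(prefix: int) -> str:
    """Dotted-decimal mask for a prefix length, e.g. /24 -> 255.255.255.0."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)


def subnet_of(ip: str, subnet_prefix: int) -> ipaddress.IPv4Network:
    """The subnet a host address belongs to (host bits zeroed)."""
    return ipaddress.ip_network(f"{ip}/{subnet_prefix}", strict=False)


def same_subnet(ip_a: str, ip_b: str, subnet_prefix: int) -> bool:
    """True when two hosts can reach each other without crossing a router."""
    return subnet_of(ip_a, subnet_prefix) == subnet_of(ip_b, subnet_prefix)


def enumerate_subnets(network: str, subnet_prefix: int) -> List[str]:
    """All subnets of the given size inside the network."""
    return [str(s) for s in ipaddress.ip_network(network).subnets(new_prefix=subnet_prefix)]
```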
Virtual LANs (VLAN)
Allow scattered users to be logically grouped together:
Even if attached to different switches
Can isolate sensitive data to VLAN members
Communication on a VLAN
If connected to same switch, switch handles packet transfer
Special “tagging” protocol used for communicating between
switches
Used for internal users and telecommuters
Video: https://www.youtube.com/watch?v=2hUUaG4o3DA
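An added example (not from the textbook slides) that serves both the switch-defense bullets earlier in this chapter and the VLAN tagging bullets above: it parses constructed Ethernet frames, reads the 802.1Q tag switches use to carry VLAN membership between each other, and applies the "too many MAC addresses on one port" check that a port-security switch uses to close a port. The frames, port names and MAC threshold are constructed for the example.

```python
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

ETHERTYPE_VLAN = 0x8100  # 802.1Q Tag Protocol Identifier (TPID)


def parse_frame(frame: bytes) -> dict:
    """Return dst/src MAC, VLAN ID (None if untagged), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID,
        # followed by the EtherType of the encapsulated payload
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan_id,
            "ethertype": ethertype, "payload": frame[offset:]}


def build_frame(dst: str, src: str, payload: bytes,
                vlan: Optional[int] = None, ethertype: int = 0x0800) -> bytes:
    """Build a constructed sample frame; inserts an 802.1Q tag when vlan is given."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, vlan & 0x0FFF, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


def ports_to_shut_down(observed: Iterable[Tuple[str, bytes]], max_macs: int = 2) -> Dict[str, int]:
    """Switch-defense check: count distinct source MACs per ingress port and report
    the ports exceeding max_macs, i.e. the ports a port-security switch would close."""
    macs_per_port = defaultdict(set)
    for port, frame in observed:
        macs_per_port[port].add(parse_frame(frame)["src"])
    return {p: len(m) for p, m in macs_per_port.items() if len(m) > max_macs}


def macs_per_vlan(observed: Iterable[Tuple[str, bytes]]) -> Dict[Optional[int], List[str]]:
    """Which source MACs were seen in each VLAN (None = untagged frames)."""
    seen = defaultdict(set)
    for _, frame in observed:
        parsed = parse_frame(frame)
        seen[parsed["vlan"]].add(parsed["src"])
    return {v: sorted(m) for v, m in seen.items()}
```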
Chapter 9
Access Control Fundamentals
What Is Access Control?
Granting or denying approval to use specific resources
Information system’s mechanism to allow or restrict access to
data or devices
Four standard models
Specific practices used to enforce access control
Access Control Terminology
Identification
Presenting credentials
Example: employee badge
Authentication
Checking the credentials
Example: network logon
Authorization
Granting permission to take action
Example: allowing access to applications
Access
Allowing or limiting access to routines within the applications
Figure 9-1 Access control process and terminology
Access Control Models
Four major access control models
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role Based Access Control (RBAC)
Rule Based Access Control (RBAC)
Access Control Models (cont’d.)
Mandatory Access Control
Most restrictive access control model
Typically found in military settings
Two elements
Labels
Levels
Example of MAC implementation
Windows 7/10 has four security levels
Specific actions by a subject with lower classification require
administrator approval
Access Control Models (cont’d.)
Discretionary Access Control (DAC)
Least restrictive model
Every object has an owner
Owners have total control over their objects
Owners can give permissions to other subjects over their objects
Figure 9-3 Discretionary Access Control (DAC)
Access Control Models (cont’d.)
Discretionary Access Control (cont’d.)
Used on operating systems such as most types of UNIX and
Microsoft Windows
DAC weaknesses
Relies on decisions by end user to set proper security level
Incorrect permissions may be granted
Subject’s permissions will be “inherited” by any programs the
subject executes
Trojans are a particular problem with DAC
Access Control Models (cont’d.)
Role Based Access Control (RBAC)
Also called Non-discretionary Access Control
Access permissions are based on user’s job function
RBAC assigns permissions to particular roles in an organization
Users are assigned to those roles
Rule Based Access Control (RBAC)
Dynamically assigns roles to subjects based on a set of rules
defined by a custodian
Access Control Models (cont’d.)
Rule Based Access Control (cont’d.)
When user attempts access, system checks object’s rules to
determine access permission
Often used for managing user access to one or more systems
Business/Job changes may trigger application of the rules
specifying access changes
Best Practices for Access Control
Establishing best practices for limiting access
Can help secure systems and data
Examples of best practices
Separation of duties
Job rotation
Least privilege
Implicit deny
Mandatory vacations
Best Practices for Access Control (cont’d.)
Separation of duties
Fraud can result from single user being trusted with complete
control of a process
Two or more people should be responsible for functions related to handling money
System is not vulnerable to actions of a single person
Job rotation
Individuals periodically moved between job responsibilities
within or outside department
Best Practices for Access Control (cont’d.)
Advantages of job rotation
Limits amount of time individuals are in a position to
manipulate security configurations
Helps expose potential avenues for fraud
Individuals have different perspectives and may uncover
vulnerabilities
Reduces employee burnout
Best Practices for Access Control (cont’d.)
Least privilege
Limiting access to information based on what is needed to
perform a job function
Should apply to users and processes on the system
Processes should run at minimum security level needed to
correctly function
Best Practices for Access Control (cont’d.)
Implicit deny
If a condition is not explicitly met, access request is rejected
Example: network router rejects access to all except conditions
matching the rule restrictions
Mandatory vacations
Limits fraud, because perpetrator must be present daily to hide
fraudulent actions
Audit of employee’s activities usually scheduled during
vacation for sensitive positions
Access Control Lists
Set of permissions attached to an object
Specifies which subjects may access the object and what
operations they can perform
When subject requests to perform an operation:
System checks ACL for an approved entry
ACLs viewed in relation to operating system files, network
access
Access Control Lists (cont’d.)
Each entry in the ACL table is called access control entry
(ACE)
ACE structure (Windows)
Security identifier for the user or group account or logon
session
Access mask that specifies access rights controlled by ACE
Flag that indicates type of ACE
Set of flags that determine whether objects can inherit
permissions
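An added example (not from the textbook slides) that models the ACE structure listed above and evaluates an ACL the way the implicit-deny best practice requires: explicit deny entries are checked first, allow entries accumulate rights, and a request nothing matches is rejected. The access-mask bit values and the `S-1-5-21-EXAMPLE-...` group SIDs are constructed for the example; `S-1-1-0` is the well-known Everyone SID.

```python
from dataclasses import dataclass, field
from typing import List, Set

# Access-mask bits (constructed for this example; real Windows masks use other values)
READ, WRITE, EXECUTE, DELETE = 0x1, 0x2, 0x4, 0x8

ACE_ALLOW, ACE_DENY = "allow", "deny"           # the ACE type flag
OBJECT_INHERIT, CONTAINER_INHERIT = "OI", "CI"   # inheritance flags


@dataclass
class ACE:
    sid: str                  # security identifier of the user, group or logon session
    mask: int                 # access rights this entry controls
    ace_type: str             # ACE_ALLOW or ACE_DENY
    flags: Set[str] = field(default_factory=set)  # which children inherit the entry


def canonical_order(acl: List[ACE]) -> List[ACE]:
    """Explicit deny entries are evaluated before explicit allow entries."""
    return sorted(acl, key=lambda a: 0 if a.ace_type == ACE_DENY else 1)


def access_check(acl: List[ACE], token_sids: Set[str], requested: int) -> bool:
    """Walk the ACL for a subject whose token holds token_sids, asking for the
    bits in requested. Returns False by default: implicit deny."""
    granted = 0
    for ace in canonical_order(acl):
        if ace.sid not in token_sids:
            continue
        if ace.ace_type == ACE_DENY and ace.mask & requested:
            return False                        # an explicit deny always wins
        if ace.ace_type == ACE_ALLOW:
            granted |= ace.mask & requested
            if granted == requested:
                return True                     # every requested bit is allowed
    return False                                # nothing granted all bits: implicit deny


def inherit_acl(parent_acl: List[ACE], child_is_container: bool) -> List[ACE]:
    """The entries a new child object receives, selected by the inheritance flags."""
    needed = CONTAINER_INHERIT if child_is_container else OBJECT_INHERIT
    return [ACE(a.sid, a.mask, a.ace_type, set(a.flags)) for a in parent_acl if needed in a.flags]


# Constructed sample: the ACL on a Payroll folder
EVERYONE = "S-1-1-0"                      # well-known SID
FINANCE = "S-1-5-21-EXAMPLE-1101"         # made-up domain group SID
INTERNS = "S-1-5-21-EXAMPLE-1102"         # made-up domain group SID
PAYROLL_ACL = [
    ACE(EVERYONE, READ, ACE_ALLOW, {OBJECT_INHERIT, CONTAINER_INHERIT}),
    ACE(FINANCE, READ | WRITE, ACE_ALLOW, {OBJECT_INHERIT, CONTAINER_INHERIT}),
    ACE(INTERNS, WRITE | DELETE, ACE_DENY, {OBJECT_INHERIT}),
]
```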
Group Policies
Microsoft Windows feature
Provides centralized management and configuration of
computers and remote users using Active Directory (AD)
Usually used in enterprise environments
Settings stored in Group Policy Objects (GPOs)
Account Restrictions Tips
Time of day restrictions
Limits the time of day a user may log onto a system
Time blocks for permitted access are chosen
Can be set on individual systems
Account expiration
Orphaned accounts: accounts that remain active after an
employee has left the organization
Dormant accounts: not accessed for a lengthy period of time
Both can be security risks
Figure 9-6 Wireless access point restrictions
Account Restrictions (cont’d.)
Password expiration sets a time when user must create a new
password
Different from account expiration
Account expiration can be a set date, or a number of days of
inactivity
Authentication Services
Authentication
Process of verifying credentials
Authentication services provided on a network
Dedicated authentication server
Or AAA server if it also performs authorization and accounting
Common types of authentication and AAA servers
Kerberos, RADIUS, TACACS, LDAP
Figure 9-7 RADIUS authentication
Kerberos
Authentication system developed at MIT
Uses encryption and authentication for security
Most often used in educational and government settings
Works like using a driver’s license to cash a check
Kerberos ticket
Contains information linking it to the user
User presents ticket to network for a service
Difficult to copy
Expires after a few hours or a day
Terminal Access Control Access Control System (TACACS)
Authentication service similar to RADIUS
Developed by Cisco Systems
Commonly used on UNIX devices
Communicates by forwarding user authentication information to
a centralized server
Lightweight Directory Access Protocol (LDAP)
Directory service
Database stored on a network
Contains information about users and network devices
Keeps track of network resources and user’s privileges to those
resources
Grants or denies access based on its information
Standard for directory services
X.500
LDAP
X.500 standard defines the Directory Access Protocol (DAP) that client applications use to access the directory
LDAP
A simpler subset of DAP
Designed to run over TCP/IP
Has simpler functions
Encodes protocol elements in simpler way than X.500
An open protocol
Chapter 13
Business Continuity
What Is Business Continuity?
Organization’s ability to maintain operations after a disruptive
event
Examples of disruptive events
Power outage
Hurricane
Tornado
Security Breach
Business continuity planning and testing steps
Identify exposure to threats
Create preventative and recovery procedures
Test procedures to determine if they are sufficient
What Is Business Continuity? (cont’d.)
Succession planning
Determining in advance who is authorized to take over if key
employees die or are incapacitated
Business impact analysis (BIA)
Analyzes most important business functions and quantifies
impact of their loss
Identifies threats through risk assessment
Determines impact if threats are realized
Pathway to continue = ?
Disaster Recovery
Subset of business continuity planning and testing
Also known as contingency planning
Focuses on protecting and restoring information technology
functions
Mean time to restore (MTTR)
Measures average time needed to re-establish services
Disaster recovery activities
Create, implement, and test disaster recovery plans
Disaster Recovery Plan
Written document detailing process for restoring IT resources:
Following a disruptive event
Comprehensive in scope
Updated regularly
Example of disaster planning approach
Define different risk levels for organization’s operations based
on disaster severity
Definition of recovery team and their responsibilities
Outline of emergency procedures
Detailed restoration procedures
Disaster Recovery Planning and Documentation
Redundancy and Fault Tolerance
Single point of failure
Component or entity which will disable the entire system if it
no longer functions
Remove single point of failure
Primary mechanism to ensure business continuity
Results in high availability
Expressed as a percentage uptime in a year
Redundancy and Fault Tolerance (cont’d.)
Redundancy and fault tolerance
Way to address single point of failure
Building excess capacity to protect against failures
Redundancy planning
Applies to servers, storage, networks, power, sites
Servers
Play a key role in network infrastructure
Failure can have significant business impact
Asymmetric vs Symmetric Servers
Asymmetric servers perform no function except to be ready if
needed
Used for databases, messaging systems, file and print services
All servers do useful work in a symmetric server cluster
If one server fails, remaining servers take on failed server’s
work
More cost effective than asymmetric clusters
Used for Web, media, and VPN servers
Redundancy and Fault Tolerance (cont’d.)
Redundant Array of Independent Devices (RAID)
Uses multiple hard disk drives to increase reliability and
performance
Can be implemented through software or hardware
Several levels of RAID exist
RAID Level 0
RAID Level 1
RAID Level 5
RAID Level 0+1 (best for databases, but costly)
Redundancy and Fault Tolerance (cont’d.)
Cloud Backup and Local Storage are Better Together
Backup advocates tend to promote a strategy called “3-2-1.”
The essentials of this strategy are simple and intuitive:
Keep at least three copies of your data
Maintain copies on at least two different media (e.g., local drives and cloud)
Keep at least one copy offsite
Redundancy and Fault Tolerance (cont’d.)
Redundant networks
Hardware components are duplicated
Some organizations contract with a second Internet service
provider as a backup
Uninterruptible power supply (UPS)
Maintains power to equipment in the event of an interruption in
primary electrical power source
Offline UPS/Generator
Begins supplying power quickly when primary power is
interrupted
Switches back to standby mode when primary power is restored
Redundancy and Fault Tolerance (cont’d.)
Sites
Backup sites may be necessary if flood, hurricane, or other
major disaster damages buildings
Three types of redundant sites: hot, cold, and warm
Data Backups (cont’d.)
Backup software
Can internally designate which files have already been backed
up
Archive bit set to 0 in file properties
If file contents change, archive bit is changed to 1
Types of backups
Full backup, differential backup, incremental backup
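An added example (not from the textbook slides) that simulates the archive bit across a week so the difference between the three backup types is visible: a full backup copies everything and clears the bit, an incremental copies files with the bit set and clears it, a differential copies the same files but leaves the bit set, which is why a restore needs every incremental but only the last differential. The file names and edit schedule are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class FileEntry:
    contents: str
    archive_bit: int = 1   # 1 = changed since a backup last cleared it


def write_file(fs: Dict[str, FileEntry], name: str, contents: str) -> None:
    """Any change to a file's contents sets its archive bit back to 1."""
    fs[name] = FileEntry(contents, archive_bit=1)


def full_backup(fs: Dict[str, FileEntry]) -> List[str]:
    """Copy every file and clear every archive bit."""
    copied = sorted(fs)
    for entry in fs.values():
        entry.archive_bit = 0
    return copied


def incremental_backup(fs: Dict[str, FileEntry]) -> List[str]:
    """Copy files changed since the last full or incremental, then clear their bits."""
    copied = sorted(name for name, entry in fs.items() if entry.archive_bit == 1)
    for name in copied:
        fs[name].archive_bit = 0
    return copied


def differential_backup(fs: Dict[str, FileEntry]) -> List[str]:
    """Copy files changed since the last full backup; the bits stay set, so each
    differential grows until the next full backup."""
    return sorted(name for name, entry in fs.items() if entry.archive_bit == 1)


def run_week(strategy: str) -> Dict[str, List[str]]:
    """Constructed schedule: full backup Monday, then the chosen daily type.
    Returns what each day's backup copied and which backup sets a Thursday
    restore would need."""
    if strategy not in ("incremental", "differential"):
        raise ValueError("strategy must be 'incremental' or 'differential'")
    fs: Dict[str, FileEntry] = {}
    for name in ("payroll.xlsx", "notes.txt", "policy.pdf"):
        write_file(fs, name, "v1")
    daily = incremental_backup if strategy == "incremental" else differential_backup

    copied = {"Mon": full_backup(fs)}
    write_file(fs, "payroll.xlsx", "v2")
    copied["Tue"] = daily(fs)
    write_file(fs, "notes.txt", "v2")
    copied["Wed"] = daily(fs)
    copied["Thu"] = daily(fs)              # no changes since Wednesday
    # Incremental restore replays the full plus every incremental in order;
    # differential restore needs only the full plus the most recent differential.
    copied["restore_needs"] = (["Mon", "Tue", "Wed", "Thu"] if strategy == "incremental"
                               else ["Mon", "Thu"])
    return copied
```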
Environmental Controls
Methods to prevent disruption through environmental controls
Fire suppression
Proper shielding
Configuring HVAC systems
Electromagnetic Interference (EMI) Shielding
Attackers could pick up electromagnetic fields and read data
Faraday cage
Metal enclosure that prevents entry or escape of
electromagnetic fields
HVAC
Data centers have special cooling requirements
More cooling necessary due to large number of systems
generating heat in confined area
Precise cooling needed
Heating, ventilating, and air conditioning (HVAC) systems
Maintain temperature and relative humidity at required levels
Controlling environmental factors can reduce electrostatic
discharge
What Is Forensics?
Applying science to legal questions
Analyzing evidence
Computer forensics
Uses technology to search for computer evidence of a crime
Reasons for importance of computer forensics
Amount of digital evidence
Increased scrutiny by the legal profession
Higher level of computer skill by criminals
Basic Forensics Procedures
Four basic steps are followed
Secure the crime scene
Collect the evidence
Establish a chain of custody
Examine for evidence
Secure the crime scene
Goal: preserve the evidence
Damage control steps taken to minimize loss of evidence
Basic Forensics Procedures (cont’d.)
Secure the crime scene (cont’d.)
First responders contacted
Physical surroundings documented
Photographs taken before anything is touched
Computer cables labeled
Team takes custody of entire computer
Team interviews witnesses
Basic Forensics Procedures (cont’d.)
Preserve the evidence
Digital evidence is very fragile
Can be easily altered or destroyed
Computer forensics team captures volatile data
Examples: contents of RAM, current network connections
Order of volatility must be followed to preserve most fragile
data first
Capture entire system image
Mirror image backup of the hard drive
Meets evidence standards
Basic Forensics Procedures (cont’d.)
Establish the chain of custody
Evidence maintained under strict control at all times
No unauthorized person given opportunity to corrupt the
evidence
Examine for evidence
Computer forensics expert searches documents
Windows page files can provide valuable investigative leads
Slack and metadata are additional sources of hidden data
Forensics & Security
Phishing attack
Forensic processes can be used to establish facts such as who
clicked on the link, who was successfully phished/compromised,
and what information was actually accessed or taken
Stolen corporate intellectual property
Forensics helps establish a specific timeline and sequence of
events that can be used by law enforcement to investigate or
prosecute the attacker
Chapter 4
Vulnerability Assessment
and Mitigating Attacks
Vulnerability Assessment
Systematic evaluation of asset exposure
Attackers
Forces of nature
Any potentially harmful entity
Aspects of vulnerability assessment
Asset identification
Threat evaluation
Vulnerability appraisal
Risk assessment
Risk mitigation
Vulnerability Assessment (cont’d.)
Asset identification
Process of inventorying items with economic value
Common assets
People
Physical assets
Data
Hardware
Software
Table 4-1 Common threat agents
Education = identifying attack trees
Attack tree example
Vulnerability impact scale
Table 4-3 Risk identification steps
Assessment Techniques
Baseline reporting
Baseline: standard for solid security
Compare present state to baseline
Note, evaluate, and possibly address differences
Assessment Techniques
Application development techniques
Minimize vulnerabilities during software development
Challenges to approach
Software application size and complexity
Lack of security specifications
Future attack techniques unknown
Assessment Techniques (cont’d.)
Software development assessment techniques
Review architectural design in requirements phase
Conduct design reviews
Consider including a security consultant
Conduct code review during implementation phase
Examine attack surface (code executed by users)
Correct bugs during verification phase
Create and distribute security updates as necessary
Software development process
Assessment of Risk During Build
Commonly used default network ports
Knowledge of what port is being used
Can be used by attacker to target specific service
Port scanner software
Searches system for port vulnerabilities
Assessment Tools (cont’d.)
Protocol analyzers
Hardware or software that captures packets:
To decode and analyze contents
Also known as sniffers
Common uses for protocol analyzers
Used by network administrators for troubleshooting
Characterizing network traffic
Security analysis
Attacker can use protocol analyzer to display content of each
transmitted packet
Figure 4-5 Protocol analyzer
Vulnerability Scan
Alert when new systems added to network
Detect when internal system begins to port scan other systems
Maintain a log of all interactive network sessions
Track all client and server application vulnerabilities
Track which systems communicate with other internal systems
Honeypots and Honeynets
Honeypot
Computer protected by minimal security
Intentionally configured with vulnerabilities
Contains bogus data files
Goal: trick attackers into revealing their techniques
Honeynet
Network set up with one or more honeypots
Vulnerability Scanning vs.
Penetration Testing
Vulnerability scan
Automated software searches a system for known security
weaknesses
Creates report of potential exposures
Should be conducted on existing systems and as new technology
is deployed
Usually performed from inside security perimeter
Does not interfere with normal network operations
Vulnerability Scanners
Penetration Testing
Designed to exploit system weaknesses
Relies on tester’s skill, knowledge, cunning
Usually conducted by independent contractor
Tests usually conducted outside the security perimeter
May even disrupt network operations
End result: penetration test report
Penetration Testing (cont’d.)
Black box test
Tester has no prior knowledge of network infrastructure
White box test
Tester has in-depth knowledge of network and systems being
tested
Gray box test
Some limited information has been provided to the tester
Mitigating and Deterring Attacks
Standard techniques for mitigating and deterring attacks
Creating a security posture
Configuring controls
Hardening
Reporting
Mitigating and Deterring Attacks (cont’d.)
Standard techniques for mitigating and deterring attacks
Configuring controls
Physical and software
Hardening
Protecting accounts with passwords
Disabling unnecessary accounts
Disabling unnecessary services
Protecting management interfaces and applications
Reporting
Reporting
Providing information regarding events that occur
Alarms or alerts
Reporting can provide information on trends
Chapter 11
Basic Cryptography
Defining Cryptography
What is cryptography?
Scrambling information so it appears unreadable to attackers
Transforms information into secure form
Steganography
Hides the existence of data
Image, audio, or video files containing hidden message
embedded in the file
Achieved by dividing data and hiding in unused portions of the
file
Figure 11-1 Data hidden by steganography
Cryptography Process
Cryptographic Algorithms
Three categories of cryptographic algorithms
Hash algorithms
Symmetric encryption algorithms
Asymmetric encryption algorithms
Hash algorithms
Most basic type of cryptographic algorithm
Process for creating a unique digital fingerprint for a set of data
Contents cannot be used to reveal original data set
Primarily used for comparison purposes
Cryptographic Algorithms (cont’d.)
Example of hashing (ATMs)
Bank customer has PIN of 93542
Number is hashed and result stored on card’s magnetic stripe
User inserts card in ATM and enters PIN
ATM hashes the PIN using the same algorithm that was used to store the PIN on the card
If two values match, user may access ATM
Defeating “Man in the Middle”
Cryptographic Algorithms (cont’d.)
Most common hash algorithms
Message Digest
Secure Hash Algorithm
Whirlpool
RIPEMD
Password hashes
Cryptographic Algorithms (cont’d.)
Message Digest (MD)
Three versions
Message Digest 2
Takes plaintext of any length and creates 128 bit hash
Padding added to make short messages 128 bits
Considered too slow today and rarely used
Message Digest 4
Has flaws and was not widely accepted
Cryptographic Algorithms (cont’d.)
Message Digest 5
Designed to address MD4’s weaknesses
Message length padded to 512 bits
Weaknesses in compression function could lead to collisions
Some security experts recommend using a more secure hash
algorithm
Secure Hash Algorithm (SHA)
More secure than MD
No weaknesses identified
Example of HIT certification requirement
Cryptographic Algorithms (cont’d.)
Whirlpool
Recent cryptographic hash
Adopted by standards organizations
Creates hash of 512 bits
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
Two different and parallel chains of computation
Results are combined at end of process
Security+ Guide to Network Security Fundamentals, Fourth
Edition
11
11
Cryptographic Algorithms (cont’d.)
Password hashes
Used by Microsoft Windows operating systems
LAN Manager (LM) hash: legacy; password upper-cased and split into two 7-character halves hashed separately, so it is trivially cracked
New Technology LAN Manager (NTLM) hash: MD4 of the password; stronger than LM but still unsalted
Because neither is salted, identical passwords produce identical hashes and precomputed (rainbow) tables work against them
Linux and Apple Mac strengthen password hashes by including random bit sequences
Known as a salt
A salt makes password attacks more difficult: identical passwords get different hashes and precomputed tables are useless
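Added example (not from the textbook or the slides): the ATM PIN scheme and the salted hashes described above, in Python using only the standard library. It shows why a plain digest of a 5-digit PIN can be brute-forced from the stored value almost instantly, and how a per-user random salt plus iteration (PBKDF2-HMAC-SHA256, a standard construction chosen here; the iteration count is an assumed value) makes identical PINs hash differently and slows guessing. The PIN is the slide’s 93542; everything else is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # work factor for the salted variant (assumed value)


def hash_pin_unsalted(pin: str) -> str:
    """The slide's scheme: store a bare SHA-256 of the PIN on the card (no salt)."""
    return hashlib.sha256(pin.encode("utf-8")).hexdigest()


def verify_unsalted(pin: str, stored_hex: str) -> bool:
    """ATM side: hash the entered PIN with the same algorithm and compare.
    compare_digest avoids leaking the position of the first mismatching byte."""
    return hmac.compare_digest(hash_pin_unsalted(pin), stored_hex)


def brute_force_pin(stored_hex: str, digits: int = 5) -> Optional[str]:
    """Why that is weak: a 5-digit PIN has only 10**5 values, so anyone who
    reads the stripe recovers the PIN by hashing every candidate."""
    for n in range(10 ** digits):
        candidate = str(n).zfill(digits)
        if hash_pin_unsalted(candidate) == stored_hex:
            return candidate
    return None


def hash_pin_salted(pin: str, salt: Optional[bytes] = None,
                    iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Salted, iterated hash in the style of Linux/macOS password stores.
    A fresh 16-byte random salt per user means equal PINs give different
    digests and precomputed tables are useless; iterations raise the cost
    of every guess. Returns (salt, digest); both are stored."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_salted(pin: str, salt: bytes, digest: bytes,
                  iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_pin_salted(pin, salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pin = "93542"  # the slide's example PIN
    stored = hash_pin_unsalted(pin)
    print("unsalted verify:", verify_unsalted(pin, stored))
    print("recovered from stripe:", brute_force_pin(stored))
    salt_a, dig_a = hash_pin_salted(pin)
    salt_b, dig_b = hash_pin_salted(pin)
    print("same PIN, different salted digests:", dig_a != dig_b)
    print("salted verify:", verify_salted(pin, salt_a, dig_a))
```

The salted variant does not make a 5-digit PIN strong (the keyspace is still tiny); it removes the shortcut of precomputation and makes each guess cost 100,000 hash operations instead of one, which is the same reason operating systems salt and stretch login passwords.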
Symmetric Cryptographic Algorithms
Original (classical) cryptographic algorithms
Monoalphabetic substitution, transposition, and combinations of the two (cipher text mixed with plain text) – all fairly simple to crack, typically by frequency analysis
OTP (One-Time Pad) is secure only if the key is truly random, at least as long as the message, and never reused
Stream ciphers encrypt one bit or byte at a time with a keystream
Block ciphers encrypt fixed-size blocks (8 bytes for DES, 16 bytes for AES); in the basic ECB mode each block is encrypted independently, which leaks repeated patterns, so a chaining or counter mode should be used
Modern ciphers are CPU intensive compared with classical ones; AES has hardware support on most current processors
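Added example (not from the textbook): what “fairly secure if not reused” means for the one-time pad, in Python. XOR with a random key as long as the message is unbreakable once; encrypt two messages under the same key and the key cancels out, leaving the XOR of the two plaintexts, from which a known or guessed message reveals the other. The messages and key are constructed.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; truncates to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR key. Secure only if the key is
    truly random, at least as long as the message, and used exactly once."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return xor_bytes(plaintext, key)


# Decryption is the same operation, since (p ^ k) ^ k == p.
otp_decrypt = otp_encrypt


def reused_key_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Two ciphertexts under the same key: (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2.
    The key cancels, leaving the XOR of the two plaintexts, with no key needed."""
    return xor_bytes(ct1, ct2)


def recover_with_crib(ct1: bytes, ct2: bytes, known_p1: bytes) -> bytes:
    """If the attacker knows (or guesses) message 1, message 2 falls out directly."""
    return xor_bytes(reused_key_leak(ct1, ct2), known_p1)


if __name__ == "__main__":
    import os
    key = os.urandom(16)                      # a proper pad is random...
    m1 = b"attack at dawn!!"                  # constructed 16-byte messages
    m2 = b"retreat at noon!"
    c1 = otp_encrypt(m1, key)
    c2 = otp_encrypt(m2, key)                 # ...but here it is reused
    print(recover_with_crib(c1, c2, m1))      # b'retreat at noon!'
```

The same failure applies to any stream cipher or counter-mode block cipher whose key and nonce are repeated: the keystream is the “pad”, and reusing it is what broke WEP and several TLS and IPsec implementations.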
Symmetric Cryptographic Algorithms
Data Encryption Standard
Triple Data Encryption Standard
Advanced Encryption Standard
Several other algorithms
Understanding symmetric algorithms
Same shared single key used to encrypt and decrypt document
Symmetric Cryptographic Algorithms
Data Encryption Standard (DES)
Based on IBM’s Lucifer cipher, originally designed in the early 1970s
Adopted as a standard by the U.S. government in 1977; 64-bit blocks, 56-bit key
The 56-bit key is far too short today: it was brute-forced in 1998 (EFF Deep Crack)
Triple Data Encryption Standard (3DES)
Designed to replace DES
Applies DES three times to each block (encrypt-decrypt-encrypt)
Ciphertext of the first pass becomes input for the second
Most secure version uses three different keys (168-bit key, about 112 bits of effective security)
Slow, with a 64-bit block; NIST has deprecated 3DES and disallows it for new uses after 2023
Figure 11-11 3DES
© Cengage Learning 2012
Symmetric Cryptographic Algorithms (cont’d.)
Advanced Encryption Standard (AES)
Symmetric block cipher (Rijndael) selected by NIST in 2000 as the replacement for DES; published as FIPS 197 in 2001
Official encryption standard used by the U.S. government
128-bit blocks with 128-, 192-, or 256-bit keys; each block goes through 10, 12, or 14 rounds of byte substitution, row shifting, column mixing, and key addition
Designed to be secure well into the future
Adopted as a certification requirement for HIT in 2008
Other Algorithms
Rivest Cipher (RC)
Family of cipher algorithms designed by Ron Rivest
RC4 (stream cipher) is broken and prohibited in TLS; RC5 and RC6 are block ciphers
International Data Encryption Algorithm (IDEA)
Used in European nations
Block cipher processing 64-bit blocks with a 128-bit key over 8 rounds
Blowfish
Block cipher operating on 64-bit blocks with key lengths from 32 to 448 bits
No significant weaknesses in the cipher itself, but its 64-bit block size makes it unsafe for large volumes of data under one key (birthday-bound attacks); its author recommends AES or Twofish instead
Asymmetric Cryptographic Algorithms
Weakness of symmetric algorithms
Distributing and maintaining a secure single key among multiple users distributed geographically
Asymmetric cryptographic algorithms
Also known as public key cryptography
Uses two mathematically related keys
Public key available to everyone and freely distributed
Private key known only to the individual to whom it belongs
What one key of the pair does, only the other can undo
Asymmetric Cryptographic Algorithms (cont’d.)
Important principles
Key pairs
Public key
Private key
Both directions: encrypt with the public key and decrypt with the private key (confidentiality); sign with the private key and verify with the public key (authentication)
Digital signature
Verifies the sender (authentication)
Prevents sender from disowning the message (non-repudiation)
Proves message integrity
Figure 11-13 Digital signature
© Cengage Learning 2012
Asymmetric Cryptographic Algorithms (cont’d.)
RSA
Published in 1977 and patented by MIT in 1983
Most common asymmetric cryptography algorithm
Uses two large prime numbers; security rests on the difficulty of factoring their product
Elliptic curve cryptography (ECC)
Users share one elliptic curve and one point on the curve (the base point)
Uses less computing power than prime number-based asymmetric cryptography
Key sizes are smaller: a 256-bit ECC key gives roughly the strength of a 3072-bit RSA key
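Added example (not from the textbook): the digital-signature principles and the RSA slide above, worked in Python with textbook RSA. A key pair is built from two primes, the private key signs the SHA-256 digest of a message, the public key verifies it, and a single changed byte or a different key makes verification fail; the same pair also encrypts in the other direction. The primes are fixed Mersenne primes (2^31-1, 2^61-1) chosen so the run is reproducible, not randomly generated as a real key would be, and there is no padding (PSS/OAEP), so this illustrates the math only and is not usable as a real implementation. Requires Python 3.8+ for `pow(e, -1, phi)`.

```python
import hashlib
from math import gcd
from typing import Tuple

# Constructed, fixed primes so the example is reproducible; a real key uses
# random primes of 1024+ bits each.
P = 2147483647            # 2**31 - 1
Q = 2305843009213693951   # 2**61 - 1
E = 65537                 # the usual public exponent


def rsa_keygen(p: int = P, q: int = Q, e: int = E) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Returns (public, private) = ((n, e), (n, d)) with d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest_int(message: bytes, n: int) -> int:
    """Sign the hash, not the message: fixed size, and any changed byte changes it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private: Tuple[int, int]) -> int:
    """Only the holder of d can produce this value."""
    n, d = private
    return pow(_digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public: Tuple[int, int]) -> bool:
    """Anyone with the public key can check: undo the private operation with e
    and compare against a fresh digest of the received message."""
    n, e = public
    return pow(signature, e, n) == _digest_int(message, n)


def encrypt_int(m: int, public: Tuple[int, int]) -> int:
    """The other direction: public key encrypts, private key decrypts."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message integer out of range")
    return pow(m, e, n)


def decrypt_int(c: int, private: Tuple[int, int]) -> int:
    n, d = private
    return pow(c, d, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    msg = b"Transfer $100 to account 12345"   # constructed message
    sig = sign(msg, priv)
    print("valid:", verify(msg, sig, pub))                                   # True
    print("tampered:", verify(b"Transfer $900 to account 12345", sig, pub))  # False
    print("round trip:", decrypt_int(encrypt_int(42, pub), priv))            # 42
```

Signing the digest rather than the message is what gives the integrity property on the slide: the verifier recomputes the hash of what it received, so any alteration of the message after signing breaks the match.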
Asymmetric Cryptographic Algorithms
Quantum cryptography (quantum key distribution)
Exploits the properties of microscopic objects such as photons
Does not depend on difficult mathematical problems
Any eavesdropping disturbs the photons and is noticed (video)
NTRUEncrypt
Relatively new: has existed since 1996
Uses lattice-based cryptography
Relies on a set of points in space
Faster than RSA and ECC
More resistant to quantum computing attacks
Still being vetted at the time of these slides; lattice-based schemes have since been selected by NIST for its post-quantum standards (ML-KEM, FIPS 203, 2024)
Using Cryptography
Cryptography
Should be used to secure data that needs to be protected
Can be applied through either software or hardware
Encryption Through Software
File and file system cryptography
Encryption software can be applied to one or many files
Protecting groups of files
Based on operating system’s file system
Pretty Good Privacy (PGP)
Widely used hybrid cryptography system: public keys for key exchange and signatures, a symmetric cipher for the data itself
Used for files and e-mails on Windows systems
GNU Privacy Guard (GPG)
Free implementation of the OpenPGP standard; runs on Windows, UNIX, Linux, and macOS
Encryption Through Software (cont’d.)
PGP and GPG use both asymmetric and symmetric cryptography
Microsoft Windows Encrypting File System (EFS)
Cryptography system for Windows
Uses NTFS file system
Tightly integrated with the file system
Encryption and decryption transparent to the user
Users can set encryption attribute for a file in the Advanced
Attributes dialog box
Encryption Through Software (cont’d.)
Whole disk encryption
Protects all data on a hard drive
Example: BitLocker drive encryption software
Not perfect but one more step: it protects data at rest (a lost or stolen drive); once the system is booted and unlocked, the OS and any malware running on it read the disk in the clear
Video: https://www.youtube.com/watch?v=Tr5SgShepME
Hardware Encryption
Software encryption can be subject to attacks that exploit its vulnerabilities
Cryptography can be embedded in hardware
Provides higher degree of security
Can be applied to USB devices and standard hard drives
Trusted Platform Module (TPM)
Hardware Security Module (HSM)
Hardware Encryption (cont’d.)
USB device encryption
Encrypted hardware-based flash drives
Will not mount on a computer until the correct password has been provided
All data copied to the drive is automatically encrypted
Tamper-resistant external cases
Administrators can remotely control and track activity on the devices
Stolen drives can be remotely disabled
Hardware Encryption (cont’d.)
Trusted Platform Module (TPM)
Chip on the computer’s motherboard that provides cryptographic services
Includes a true random number generator
Keys are generated and used inside the chip and never leave it in the clear, so software on the host cannot read them; software running as an authorized user can still ask the TPM to use them
Measured boot: disk encryption keys are sealed to measurements of the boot files, so the key is not released (and the computer will not boot normally) if those files have been altered
Prompts for the recovery password if the hard drive is moved to a new computer
Hardware Encryption (cont’d.)
Hardware Security Module (HSM)
Secure cryptographic processor
Includes onboard key generator and key storage facility
Performs accelerated symmetric and asymmetric encryption
Can provide services to multiple devices over a LAN
Video: https://zybersafe.com/video-hardware-based-encryption/
Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 7
Administering a Secure Network
Common Network Protocols (cont’d.)
IP
Protocol that functions primarily at the Open Systems Interconnection (OSI) Network Layer (Layer 3)
TCP
Transport Layer (Layer 4) protocol
Establishes connections and reliable data transport between devices
TCP/IP uses a four-layer architecture
Network Interface, Internet, Transport, Application
Figure 7-1 OSI model vs. TCP/IP model
© Cengage Learning 2012
Internet Control Message Protocol (ICMP)
ICMP
One of the core protocols of TCP/IP
Used by devices to communicate updates or error information to other devices
Used to relay query messages
Attacks that use ICMP
Network discovery (ping sweeps to find live hosts)
Smurf DoS attack (echo requests sent to a broadcast address with the victim’s spoofed source address, so every host replies to the victim)
ICMP redirect attack (forged redirect messages route a victim’s traffic through the attacker)
Ping of death (oversized, fragmented echo request that crashed older IP stacks)
Domain Name System (DNS)
DNS video (video)
A TCP/IP protocol that maps symbolic names to IP addresses (and, through reverse lookups, IP addresses to names)
DNS can be the focus of attacks
DNS poisoning substitutes a fraudulent IP address
Can be done in the local hosts file or in an external DNS server’s cache
Modern DNS software makes poisoning harder (randomized source ports and transaction IDs), and DNSSEC lets resolvers verify signed answers; neither makes poisoning impossible
Zone transfer allows an attacker access to network, hardware, and operating system information
Port 53 – client queries (UDP) and server zone transfers (TCP)
File Transfer Protocols
FTP vulnerabilities – Ports 20 (data) & 21 (control)
Does not use encryption: credentials and files cross the network in cleartext
Files transferred using FTP are vulnerable to sniffing and man-in-the-middle attacks
Secure transmission options
FTP over SSL/TLS (FTPS) encrypts commands and data; explicit mode upgrades the port 21 session, implicit mode uses port 990
SSH File Transfer Protocol (SFTP) – Port 22; a different protocol that runs inside SSH, not FTP with encryption added
Secure Copy Protocol (SCP) – Port 22
Enhanced version of Remote Copy Protocol (rcp)
Encrypts files and commands
File transfer cannot be interrupted and resumed
Found mainly on Linux and UNIX platforms
IPv6 (http://test-ipv6.com/)
Current version of IP protocol is version 4 (IPv4)
Developed in 1981
Number of available IP addresses is limited to about 4.3 billion (32-bit addresses)
Number of Internet-connected devices grew beyond this number in 2011
Internet Protocol version 6 (IPv6)
Next generation of IP protocol developed in 1998
Addresses weaknesses of IPv4
Mainly address space: 128-bit addresses give about 340 trillion trillion trillion (3.4 x 10^38) addresses
Provides enhanced security features
IPsec (Authentication Header and Encapsulating Security Payload) is specified as part of the protocol suite; the Authentication Header prevents IP packets from being altered in transit
Caveat: IPsec support is required in the stack but its use is optional, so IPv6 alone does not make traffic authenticated or encrypted
Wireless providers use IPv6 extensively; Apple requires iOS apps to work on IPv6-only networks
Network Administration Principles
Administering a secure network can be challenging
Rule-based management approach
Relies on following procedures and rules
Rules may be external (applicable laws) or internal
Procedural rules dictate technical rules
Technical rules
Device security
Network management and port security
Example: configuring a firewall to conform to procedural rules
Device Security (cont’d.)
Log analysis
Log records events that occur
Monitoring logs can be useful in determining how attack
occurred
System logs and security application logs
Network security logs
Types of security hardware logs
NIDS, NIPS, DNS, proxy servers, and firewalls
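Added example (not from the textbook): the kind of log analysis the slide describes, run over constructed firewall log lines in a simple key=value layout that is not any vendor’s real format. It parses the lines, then flags a source that was denied on many distinct ports within a short window (a port scan) and counts denies per source; a second source that merely retries one port twice is not flagged. Timestamps, addresses and the thresholds are all constructed or assumed.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed firewall log lines (not a real vendor format).
SAMPLE_LOG = """\
2024-03-01T12:00:01 DENY proto=tcp src=10.0.0.5 dst=192.168.1.10 dport=21
2024-03-01T12:00:02 DENY proto=tcp src=10.0.0.5 dst=192.168.1.10 dport=22
2024-03-01T12:00:02 ACCEPT proto=tcp src=10.0.0.7 dst=192.168.1.10 dport=443
2024-03-01T12:00:03 DENY proto=tcp src=10.0.0.5 dst=192.168.1.10 dport=23
2024-03-01T12:00:04 DENY proto=tcp src=10.0.0.5 dst=192.168.1.10 dport=25
2024-03-01T12:00:05 DENY proto=tcp src=10.0.0.9 dst=192.168.1.10 dport=3389
2024-03-01T12:00:05 DENY proto=tcp src=10.0.0.5 dst=192.168.1.10 dport=80
2024-03-01T12:00:06 DENY proto=tcp src=10.0.0.5 dst=192.168.1.10 dport=443
2024-03-01T12:00:09 ACCEPT proto=tcp src=10.0.0.7 dst=192.168.1.10 dport=443
2024-03-01T12:05:00 DENY proto=tcp src=10.0.0.9 dst=192.168.1.10 dport=3389
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_log(text: str) -> List[dict]:
    """Turn raw lines into events; lines that do not match are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def find_port_scans(events: List[dict], min_ports: int = 5, window_s: int = 60) -> Dict[str, int]:
    """Flag sources denied on >= min_ports distinct ports within window_s seconds.
    Returns {src: largest number of distinct ports seen in any window}."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["action"] == "DENY":
            by_src[ev["src"]].append((ev["ts"], ev["dport"]))
    scans = {}
    for src, hits in by_src.items():
        hits.sort()
        best = 0
        for i, (t0, _) in enumerate(hits):   # sliding window starting at each deny
            ports = {p for t, p in hits[i:] if (t - t0).total_seconds() <= window_s}
            best = max(best, len(ports))
        if best >= min_ports:
            scans[src] = best
    return scans


def deny_counts(events: List[dict]) -> Dict[str, int]:
    """Simpler signal: how many denies per source (repeated hits on one port)."""
    counts = defaultdict(int)
    for ev in events:
        if ev["action"] == "DENY":
            counts[ev["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("scans:", find_port_scans(evs))      # {'10.0.0.5': 6}
    print("denies:", deny_counts(evs))         # {'10.0.0.5': 6, '10.0.0.9': 2}
```

The distinct-port window is the useful part: raw deny counts alone would rank a misconfigured client retrying one port alongside a scanner, which is why the two signals are kept separate.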
Firewall Logging
Example service: http://www.dailymotion.com/video/x29nt7i_firelytics-fortigate-firewall-log-analyzer_tech
Port Security
Disabling unused ports
Turn off ports not required on a network
Often overlooked security technique
Switch without port security allows attackers to connect to
unused ports and attack network
All ports should be secured before switch is deployed
Network administrator should issue shutdown command to each
unused port
Port Security (cont’d.)
MAC limiting and filtering
Filters and limits the number of media access control (MAC) addresses allowed on a port
Port can be set to a limit of 1
A specific MAC address can be assigned to a port
Enables only a single authorized host to connect
Caveat: MAC addresses are easily spoofed, so this deters casual connections but does not authenticate the host; IEEE 802.1X does that
Port Security (cont’d.)
IEEE 802.1x
Standard that provides the highest degree of port security
Implements port-based authentication
Blocks all traffic on a port-by-port basis:
Until client is authenticated
Securing Network Applications (cont’d.)
Virtualized environment security concerns (cont’d.)
Security must be in place to accommodate live migration
Some hypervisors do not have necessary security controls to
keep out attackers
Existing security tools do not always adapt well to multiple
virtual machines
External physical appliances not designed to protect multiple
virtual servers
Virtual machines need protection from other virtual machines
running on the same computer
Cloud Computing
Pay-per-use computing model
Customers pay for only the resources they need
May revolutionize computing
Unlike hosted services, does not require long-term contracts
Three service models of cloud computing
Cloud software as a service (SaaS)
Cloud platform as a service (PaaS)
Cloud infrastructure as a service (IaaS)
Cloud Computing
Broad Term for procurement of computing services
Addressed by 3 Models
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service “SaaS”
On Demand Software
Software, Data and Hardware are Hosted
Uses (just a few)
Office & Messaging software, DBMS software, CAD software
Development software, Virtualization, Collaboration
Enterprise Resource Planning (ERP)
Human Resource Management (HRM)
Content Management (CM), Customer Relationship Management
(CRM)
Electronic Healthcare Record (EHR) systems
Software as a Service “SaaS”
Vendors
Oracle
SAP
Microsoft
MEDITECH
Epic
Commvault
Gartner Group estimates that SaaS revenue is expected to grow 21 percent in 2017 to reach $58.6 billion
Customer Relationship Management (CRM) continues to be the largest market for SaaS
Infrastructure as a Service “IaaS”
Compute resources, storage, and networking are hosted by a provider
Operating system software and hardware are hosted
Uses (just a few)
Operating Systems
Storage
Backup
Vendors
Amazon
Microsoft
Alibaba
Platform as a Service “PaaS”
A framework that companies and developers can use to quickly
and easily build and customize applications
Allows developers to focus on the application software without
having to manage operating systems, software updates, and
other infrastructure matters.
Uses (just a few)
Retail, Consulting, Service Industry
Vendors
Amazon
MS Azure
IBM Cloud
Oracle Cloud
Google Cloud
RedHat Cloud
Cloud Computing (cont’d.)
Cloud computing security challenges
Cloud provider must guarantee means to approve authorized
users and deny imposters
Transmissions from the cloud must be protected
Customers’ data must be isolated from one another
MEDITECH Community Connect Initial Vision
MEDITECH Community Connect
6x CS MG
1700+ customers
HL7 (Summaries)
27% Info Hi-way
Slide 1 (presenter notes): Reminder slide for Howard, Helen, Michelle. Why: to keep pace with industry and competitor offerings which centralize connectivity for a diverse client base, create savings in terms of reduction of myriad P2P connections, and are easier to update/maintain. Pricing discussions around which cloud technology (PPI, Amazon, Microsoft) – is this MEDITECH as a Platform?
MEDITECH Community Connect
HL7 Data, FHIR Data, Direct Summaries, E-prescribing, Notifications, Public Health, Professional Consulting Services, Business and Clinical Analytics for Community Population Health, Patient Engagement, ACOs
MEDITECH Community Connect Scalable Vision
Slide 2 (presenter notes): Vision (affirmed by customers/industry) to entice the customer base to join and actually position our customers to better share with larger HIE consortiums (Commonwell, Healtheway, CDC, SSA, States, International). Tie it all together for future growth. All connections (E-prescribing/HL7 (Data Express)/CCD/ONC Direct/FHIR/Commonwell) and in additional revenue-generating professional services. JS: May want to add text stating something to the effect that eventually all MT sites (platform agnostic) would connect to/use the MCC module to manage connections, store data and access analytics (basically state your vision and then have the diagram support that).
Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 8
Wireless Network Security
Wireless Network Security
Wireless data communications have revolutionized computer
networking
Wireless data networks found virtually everywhere
Wireless networks have been targets for attackers
Early wireless networking standards had vulnerabilities
Changes in wireless network security yielded security
comparable to wired networks
Bluetooth
Wireless technology
Uses short-range radio frequency transmissions
Provides for rapid, ad-hoc device pairings
Example: smartphone and Bluetooth headphones or speakers (Bose Mini, etc.)
Personal Area Network (PAN) technology
Two types of Bluetooth network topologies
Piconet
Scatternet
Bluetooth
Piconet
Established when two Bluetooth devices come within range of
each other
One device (master) controls all wireless traffic
Other device (slave) takes commands
Active slaves can send transmissions
Parked slaves are connected but not actively participating
Bluetooth
Scatternet
Group of piconets with connections between different piconets
Bluetooth Attacks
Bluejacking
Attack that sends unsolicited messages to Bluetooth-enabled devices
Text messages, images, or sounds
Considered more annoying than harmful
No data is stolen
Popular in Europe
Used for guerrilla marketing
Wireless Attacks (cont’d.)
Bluesnarfing
Unauthorized access to wireless information through a Bluetooth connection
Often between cell phones and laptops
Attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without the owner’s knowledge
http://www.youtube.com/watch?v=KfZ7Ek409LM
https://www.youtube.com/watch?v=6iIqB-LI1go
The classic bluesnarfing flaws were all patched years ago
However…
Wireless Attacks (cont’d.)
Good news is that most phones have patches for the newer Bluetooth flaws
Next attack surface is voice assistants such as Amazon Echo and Google Home devices
Patches are available for those too
Best bet: turn Bluetooth off when in public and not using it
Wireless History
Institute of Electrical and Electronics Engineers (IEEE)
Most influential organization for computer networking and
wireless communications
Dates back to 1884
Began developing network architecture standards in the 1980s
1997: release of IEEE 802.11
Standard for wireless local area networks (WLANs)
Higher speeds added in 1999: IEEE 802.11b
Wireless LAN
IEEE 802.11a
Specifies maximum rated speed of 54 Mbps using the 5 GHz spectrum
IEEE 802.11g
Preserves stable and widely accepted features of 802.11b (2.4 GHz)
Increases data transfer rates to 54 Mbps, similar to 802.11a
IEEE 802.11n
Ratified in 2009
Speed – up to 300 Mbps in typical real-world deployments (600 Mbps maximum rated), using multiple antennas (MIMO) on 2.4 or 5 GHz
Coverage area – roughly double that of a, b, g
Wireless LAN
Access point (AP) major parts
Base Station for wireless network
Antenna and radio transmitter/receiver send and receive
wireless signals
Bridging software to interface wireless devices to other devices
Wired network interface allows it to connect by cable to
standard wired network
Wireless LAN Attacks
Wireless broadband routers
Single hardware device containing AP, firewall, router, and
DHCP server
Wireless networks have been vulnerable targets for attackers
Not restricted to a cable
Types of wireless LAN attacks
Discovering the network
Attacks through the RF spectrum
Attacks involving access points
Wireless LAN Attacks (cont’d.)
Discovering the network
One of first steps in attack is to discover presence of a network
Beaconing
AP sends signal at regular intervals to announce its presence
and provide connection information
Wireless device scans for beacon frames
War driving
Process of passive discovery of wireless network locations
Wireless LAN Attacks (cont’d.)
War chalking
Documenting and then advertising location of wireless LANs
for others to use
Previously done by drawing on sidewalks or walls around
network area
Today, locations are posted on Web sites
Wireless LAN Attacks (cont’d.)
Evil twin
AP set up by an attacker
Attempts to mimic an authorized AP (same SSID, often a stronger signal)
Attacker captures transmissions from users who connect to the evil twin AP
Some discovery tools are available, for example EvilAP_Defender
Always use a VPN, creating an encrypted tunnel between your computer and a third-party server, preventing snoopers from intercepting information en route
Caveat: the evil twin still sees which hosts you connect to and any traffic sent before the tunnel is up (DNS lookups, captive-portal pages), so configure the VPN client to block traffic outside the tunnel
Combat Attacks - MAC Address Filtering
Method of controlling WLAN access
Limits a device’s access to the AP
Media Access Control (MAC) address filtering
Used by nearly all wireless AP vendors
Permits or blocks a device based on its MAC address
Vulnerabilities of MAC address filtering
MAC addresses are sent in the clear in every frame header, even on an encrypted network
Attacker can see the address of an approved device and substitute it on his own device
Managing a large number of addresses is challenging
Figure 8-7 MAC address filtering
© Cengage Learning 2012
Wireless Security Types
Each device must be authenticated prior to connecting to the WLAN
Ranking the Wi-Fi security methods available on any modern (post-2006) router, ordered from best to worst:
WPA2 + AES
WPA + AES
WPA + TKIP/AES (TKIP is there as a fallback method)
WPA + TKIP
WEP
Open Network (no security at all)
Ideally, you’ll disable Wi-Fi Protected Setup (WPS) and set your router to WPA2 + AES
Source: HowtoGeek.com
Routers sold since 2018 may also offer WPA3, which supersedes WPA2 and belongs at the top of this list
Wi-Fi Protected Access 2 (cont’d.)
AES encryption and decryption
Should be performed in hardware because of its computationally
intensive nature
IEEE 802.1x authentication
Originally developed for wired networks
Provides greater degree of security by implementing port
security
Blocks all traffic on a port-by-port basis until client is
authenticated
Other Wireless Security Steps
Antenna placement
Locate near center of coverage area
Place high on a wall to reduce signal obstructions and deter
theft
Power level controls
Some APs allow adjustment of the power level at which the
LAN transmits
Reducing power allows less signal to reach outsiders
Other Wireless Security Steps
Organizations are becoming increasingly concerned about
existence of rogue APs
Rogue access point discovery tools
Security personnel can manually audit airwaves using wireless
protocol analyzer
Continuously monitoring the RF airspace using a wireless probe
Types of wireless probes
Wireless device probe
Desktop probe
Other Wireless Security Steps
Types of wireless probes (cont’d.)
Access point probe
Dedicated probe
Wireless virtual LANs (VLANs)
Organizations may set up two wireless VLANs
One for employee access, one for guest access
Configured in one of two ways
Depending on which device separates and directs the packets to different networks
Good read: How to Secure Your Home Wi-Fi
KRACK (link)
Review OnGuardOnline.gov
Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 5
Host, Application, and Data Security
Securing the Host
Three important elements to secure
Host (network server or client)
Applications
Data
Securing the host involves:
Protecting the physical device
Securing the operating system software
Using security-based software applications
Monitoring logs
Securing Devices
Prevent unauthorized users from gaining physical access to
equipment
Aspects of securing devices
Physical access security
Host hardware security
Mobile device security
Securing Devices
Cipher lock
More sophisticated alternative to key lock
Combination sequence necessary to open door
Can be programmed to allow individual’s code to give access at
only certain days or times
Records when door is opened and by which code
Can be vulnerable to shoulder surfing
Often used in conjunction with tailgate sensor
Securing Devices (cont’d.)
Alternative access method: physical token
ID badge may contain the bearer’s photo
ID badge emits a signal identifying the owner
Proximity reader receives the signal
RFID tags
Can be affixed inside an ID badge
Read by an RFID proximity reader
Securing Devices (cont’d.)
Video surveillance
Closed-circuit television (CCTV)
Fencing
Securing Devices (cont’d.)
Hardware security
Laptops may be placed in a safe cabinet
Securing Devices (cont’d.)
Mobile device security
Many security provisions that apply to laptops apply to mobile
devices
Mobile devices’ unique security features
Remote wipe / sanitation
GPS tracking
Securing the Operating System Software
Five-step process for protecting operating system
Develop the security policy
Perform host software baselining
The standard configuration for all others in the organization
Configure operating system security and settings
Deploy the settings
Implement patch management
Securing the Operating System Software (cont’d.)
Develop the security policy
Document(s) that clearly define organization’s defense
mechanisms
Securing the Operating System Software (cont’d.)
Perform host software baselining
Baseline: standard or checklist against which systems can be
evaluated
Configuration settings that are used for each computer in the
organization
Securing the Operating System Software (cont’d.)
Configure operating system security and settings
Hundreds of different security settings can be manipulated
Typical configuration baseline
Changing insecure default settings
Eliminating unnecessary software, services, protocols
Enabling security features such as a firewall
Securing the Operating System Software (cont’d.)
Deploy the settings
Security template: collections of security configuration settings
Process can be automated
Group policy
Windows feature providing centralized computer management
A single configuration may be deployed to many users
Securing the Operating System Software (cont’d.)
Implement patch management
Hotfix addresses a specific customer situation
Service pack accumulates security updates and additional features
Modern operating systems can perform automatic updates
Patches can sometimes create new problems
The vendor should test thoroughly before release, and the organization should test on representative systems before deploying widely
Windows service packs are typically adopted weeks or months after release
Windows Server 2012 patching (figure)
Figure 5-8 Automated patch update service
© Cengage Learning 2012
Microsoft: WSUS
Securing with Anti-Malware/Spam
Software that examines a computer for infections
Scans new files and documents that might contain viruses
Searches for known virus patterns (signatures)
Blocks dangerous attachments
Firewalls
Firewall
May be hardware or software-based
Host-based software firewall runs on the local system
Microsoft Windows 7 firewall
Three designations (profiles) for networks: public, home, or work
Monitoring System Logs
Log: record of events that occur
Log entries
Contain information related to a specific event
Audit log can track user authentication attempts
Access log can provide details about requests for specific files
Monitoring system logs
Useful in determining how an attack occurred and whether
successfully resisted
Administering Windows Server 2012 R2: Monitoring and Auditing (Microsoft Press image 10-23)
Application Security
Aspects of securing applications
Application development security
Application hardening
Patch management
Application Development Security
Verify user input to the application
Malformed input could cause the program to abort
Necessary to check for XSS, SQL, or XML injection attacks
Input validation
Performed after data is entered but before its destination is known
Because the destination is not yet known, it is not possible to know which characters are potentially harmful there
So validate against an allow-list of what the field should contain, and escape or parameterize the data again for each destination (parameterized SQL queries, HTML encoding for browser output)
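Added example (not from the textbook): the SQL injection case from the slide above in Python with the standard-library sqlite3 module. A login check that builds its query by string formatting accepts a tautology payload without knowing the password; the hardened version combines allow-list validation of the username with a parameterized query, so the same payload is just data. The table, accounts and passwords are constructed, and passwords are stored in clear only to keep the example short (a real application stores salted hashes).

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def is_valid_username(username: str) -> bool:
    """Allow-list validation: accept only the characters a username is expected to
    contain, instead of trying to enumerate which characters are harmful."""
    return USERNAME_RE.fullmatch(username) is not None


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two test accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the query by string formatting, so user input becomes SQL.
    Kept deliberately vulnerable to show the attack."""
    query = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the driver sends values separately from the SQL text,
    so a quote in the input is just data. The allow-list check rejects junk early."""
    if not is_valid_username(username):
        return False
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"      # classic tautology injection
    print("vulnerable, injected:", login_vulnerable(db, "alice", payload))  # True
    print("safe, injected:", login_safe(db, "alice", payload))              # False
    print("safe, real password:", login_safe(db, "alice", "s3cret"))        # True
```

With the payload in the password field the vulnerable query becomes `... AND password = '' OR '1'='1'`, which is true for every row. Note that the password field is not allow-list validated (passwords legitimately contain quotes); the parameterized query is what protects it, which is why validation and parameterization are both needed rather than one or the other.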
Application Development Security (cont’d.)
Patch management
Users unaware of the existence of patches or where to acquire
them
Vendor Notification
More application patch management systems are being
developed today
Securing Data
Work today involves electronic collaboration
Data must flow freely
Data security is important
Data loss prevention (DLP)
System of security tools used to recognize and identify critical data and ensure it is protected
Review “Rights Management Services (RMS)” (Azure video)
Goal: protect data from unauthorized users
Rights Management Services (RMS)
Increased need due to:
Increased regulation
Consumerization of IT (CoIT)
“Bring Your Own Device” (BYOD)
Explosion of information with dispersed enterprise data
Social enterprise and media and their applications enabling new collaboration, analytics scenarios, etc.
Growing need to protect sensitive information
At the same time, enterprises have a need to securely share that same information amongst appropriate employees and other individuals within and outside the corporate network
Capabilities
Create and consume protected content such as e-mail and documents of any type
Securing Data (cont’d.)
Data loss prevention typically examines:
Data in use (example: being printed)
Data in motion (being transmitted) – review “IPsec” and TLS
Data at rest (stored) – review “BitLocker” & “EFS”
Content inspection
Security analysis of the transaction
Takes context into account (who is sending, where it is going, and whether a match is really sensitive data)
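Added example (not from the textbook): the content inspection step above, in Python. It scans constructed documents for card-number-shaped strings and applies the Luhn checksum as the context check, so a tracking number that merely looks like a card number is allowed while a Luhn-valid number blocks the transaction. The documents are constructed; 4111 1111 1111 1111 is a well-known test card number and the decision policy is an assumed one.

```python
import re
from typing import Dict, List

# 13 to 16 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: the context check that separates a real card number from an
    invoice or tracking number that merely looks like one."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def inspect_content(text: str) -> List[Dict[str, object]]:
    """Content inspection: every candidate number found, with its Luhn verdict."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        findings.append({"match": m.group(0), "digits": digits, "luhn": luhn_ok(digits)})
    return findings


def dlp_decision(text: str) -> str:
    """Assumed policy: block the transaction if it carries a Luhn-valid card number."""
    return "block" if any(f["luhn"] for f in inspect_content(text)) else "allow"


# Constructed documents.
DOCS = {
    "email_with_card": "Please charge 4111 1111 1111 1111 for the invoice.",
    "shipping_note": "Tracking number 1234567890123456 left the warehouse.",
    "clean_memo": "Meeting moved to Thursday at 3 pm.",
}

if __name__ == "__main__":
    for name, body in DOCS.items():
        print(name, "->", dlp_decision(body))
    # email_with_card -> block, shipping_note -> allow, clean_memo -> allow
```

Without the checksum the shipping note would be a false positive; a production DLP engine adds further context (the sender, the destination, document labels, nearby keywords) on top of the pattern and checksum shown here.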
Figure 5-11 DLP architecture
© Cengage Learning 2012
Symantec DLP video: https://www.youtube.com/watch?v=1EURubSiiHw
Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 3
Application and Network Attacks
Application Attacks
Attacks that target applications
Category continues to grow
Web application attacks
Client-side attacks
Buffer overflow attacks
Zero day attacks
Exploit previously unknown vulnerabilities
Victims have no time to prepare or defend
Web Application Attacks
Web applications an essential element of organizations today
Approach to securing Web applications
Hardening the Web server
Enhance security of the OS/System Services
Protecting the network
DMZ and proxy servers externally facing
How it is supposed to work
The user's web browser requests a page from the web server, which passes the request to an application server. The application server runs the web application, which in turn queries the internal databases.
Because the content of HTTP transmissions is not examined, attackers use this protocol to target flaws in Web application software
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx
Q 1-3  Chapter 1Q 4      Chapter 2Q 5-6  Chapter 3Q 7- 8  Ch.docx

More Related Content

Similar to Q 1-3 Chapter 1Q 4 Chapter 2Q 5-6 Chapter 3Q 7- 8 Ch.docx

Similar to Q 1-3 Chapter 1Q 4 Chapter 2Q 5-6 Chapter 3Q 7- 8 Ch.docx (20)

Work
WorkWork
Work
 
Rules
RulesRules
Rules
 
Landscape Outline
Landscape OutlineLandscape Outline
Landscape Outline
 
Techniques for separating materials
Techniques for separating materialsTechniques for separating materials
Techniques for separating materials
 
One Page Marketing Plan
One Page Marketing PlanOne Page Marketing Plan
One Page Marketing Plan
 
Application biocamp 2011
Application biocamp 2011Application biocamp 2011
Application biocamp 2011
 
Gas welding sheet 2
Gas welding sheet 2Gas welding sheet 2
Gas welding sheet 2
 
Year 13 sports studies exam 1
Year 13 sports studies   exam 1Year 13 sports studies   exam 1
Year 13 sports studies exam 1
 
Chart Signs of spring
Chart Signs of springChart Signs of spring
Chart Signs of spring
 
Literary elements
Literary elementsLiterary elements
Literary elements
 
Transformative Learning
Transformative LearningTransformative Learning
Transformative Learning
 
Terminos de ccss
Terminos de ccssTerminos de ccss
Terminos de ccss
 
job analysis questionnaire
job analysis questionnairejob analysis questionnaire
job analysis questionnaire
 
Appendix A
Appendix   AAppendix   A
Appendix A
 
CA Database Scavenger Hunt pt. 1
CA Database Scavenger Hunt pt. 1CA Database Scavenger Hunt pt. 1
CA Database Scavenger Hunt pt. 1
 
Il metodo A3 e kata coaching - Roberto Ronzani
Il metodo A3 e kata coaching - Roberto RonzaniIl metodo A3 e kata coaching - Roberto Ronzani
Il metodo A3 e kata coaching - Roberto Ronzani
 
Topic 4 Massage Therapy handout
Topic 4 Massage Therapy handoutTopic 4 Massage Therapy handout
Topic 4 Massage Therapy handout
 
Skills skills-skills handout
Skills skills-skills handoutSkills skills-skills handout
Skills skills-skills handout
 
Year 13 sports studies fatigue technical-exam
Year 13 sports studies   fatigue technical-examYear 13 sports studies   fatigue technical-exam
Year 13 sports studies fatigue technical-exam
 
Descriptive pattern graphic organizer
Descriptive pattern graphic organizerDescriptive pattern graphic organizer
Descriptive pattern graphic organizer
 

More from makdul

According to Davenport (2014) social media and health care are c.docx
According to Davenport (2014) social media and health care are c.docxAccording to Davenport (2014) social media and health care are c.docx
According to Davenport (2014) social media and health care are c.docxmakdul
 
According to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docx
According to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docxAccording to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docx
According to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docxmakdul
 
According to Libertarianism, there is no right to any social service.docx
According to Libertarianism, there is no right to any social service.docxAccording to Libertarianism, there is no right to any social service.docx
According to Libertarianism, there is no right to any social service.docxmakdul
 
According to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docxAccording to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docxmakdul
 
According to cultural deviance theorists like Cohen, deviant sub.docx
According to cultural deviance theorists like Cohen, deviant sub.docxAccording to cultural deviance theorists like Cohen, deviant sub.docx
According to cultural deviance theorists like Cohen, deviant sub.docxmakdul
 
According to Gray et al, (2017) critical appraisal is the proce.docx
According to Gray et al, (2017) critical appraisal is the proce.docxAccording to Gray et al, (2017) critical appraisal is the proce.docx
According to Gray et al, (2017) critical appraisal is the proce.docxmakdul
 
According to article Insecure Policing Under Racial Capitalism by.docx
According to article Insecure Policing Under Racial Capitalism by.docxAccording to article Insecure Policing Under Racial Capitalism by.docx
According to article Insecure Policing Under Racial Capitalism by.docxmakdul
 
Abstract In this experiment, examining the equivalence poi.docx
Abstract  In this experiment, examining the equivalence poi.docxAbstract  In this experiment, examining the equivalence poi.docx
Abstract In this experiment, examining the equivalence poi.docxmakdul
 
ACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docx
ACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docxACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docx
ACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docxmakdul
 
ACC 601 Managerial Accounting Group Case 3 (160 points) .docx
ACC 601 Managerial Accounting Group Case 3 (160 points) .docxACC 601 Managerial Accounting Group Case 3 (160 points) .docx
ACC 601 Managerial Accounting Group Case 3 (160 points) .docxmakdul
 
Academic Integrity A Letter to My Students[1] Bill T.docx
Academic Integrity A Letter to My Students[1]  Bill T.docxAcademic Integrity A Letter to My Students[1]  Bill T.docx
Academic Integrity A Letter to My Students[1] Bill T.docxmakdul
 
Access the Center for Disease Control and Prevention’s (CDC’s) Nu.docx
Access the Center for Disease Control and Prevention’s (CDC’s) Nu.docxAccess the Center for Disease Control and Prevention’s (CDC’s) Nu.docx
Access the Center for Disease Control and Prevention’s (CDC’s) Nu.docxmakdul
 
According to DSM 5 This patient had very many symptoms that sugg.docx
According to DSM 5 This patient had very many symptoms that sugg.docxAccording to DSM 5 This patient had very many symptoms that sugg.docx
According to DSM 5 This patient had very many symptoms that sugg.docxmakdul
 
Acceptable concerts include professional orchestras, soloists, jazz,.docx
Acceptable concerts include professional orchestras, soloists, jazz,.docxAcceptable concerts include professional orchestras, soloists, jazz,.docx
Acceptable concerts include professional orchestras, soloists, jazz,.docxmakdul
 
ACA was passed in 2010, under the presidency of Barack Obama. Pr.docx
ACA was passed in 2010, under the presidency of Barack Obama. Pr.docxACA was passed in 2010, under the presidency of Barack Obama. Pr.docx
ACA was passed in 2010, under the presidency of Barack Obama. Pr.docxmakdul
 
Access the FASB website. Once you login, click the FASB Accounting S.docx
Access the FASB website. Once you login, click the FASB Accounting S.docxAccess the FASB website. Once you login, click the FASB Accounting S.docx
Access the FASB website. Once you login, click the FASB Accounting S.docxmakdul
 
Academic Paper  Overview  This performance task was intended to asse.docx
Academic Paper  Overview  This performance task was intended to asse.docxAcademic Paper  Overview  This performance task was intended to asse.docx
Academic Paper  Overview  This performance task was intended to asse.docxmakdul
 
Academic Research Team Project PaperCOVID-19 Open Research Datas.docx
Academic Research Team Project PaperCOVID-19 Open Research Datas.docxAcademic Research Team Project PaperCOVID-19 Open Research Datas.docx
Academic Research Team Project PaperCOVID-19 Open Research Datas.docxmakdul
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxmakdul
 
Abstract                                 Structure of Abstra.docx
Abstract                                 Structure of Abstra.docxAbstract                                 Structure of Abstra.docx
Abstract                                 Structure of Abstra.docxmakdul
 

More from makdul (20)

According to Davenport (2014) social media and health care are c.docx
According to Davenport (2014) social media and health care are c.docxAccording to Davenport (2014) social media and health care are c.docx
According to Davenport (2014) social media and health care are c.docx
 
According to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docx
According to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docxAccording to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docx
According to (Fatehi, Gordon & Florida, N.D.) theoretical orient.docx
 
According to Libertarianism, there is no right to any social service.docx
According to Libertarianism, there is no right to any social service.docxAccording to Libertarianism, there is no right to any social service.docx
According to Libertarianism, there is no right to any social service.docx
 
According to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docxAccording to Kirk (2016), most of your time will be spent working wi.docx
According to Kirk (2016), most of your time will be spent working wi.docx
 
According to cultural deviance theorists like Cohen, deviant sub.docx
According to cultural deviance theorists like Cohen, deviant sub.docxAccording to cultural deviance theorists like Cohen, deviant sub.docx
According to cultural deviance theorists like Cohen, deviant sub.docx
 
According to Gray et al, (2017) critical appraisal is the proce.docx
According to Gray et al, (2017) critical appraisal is the proce.docxAccording to Gray et al, (2017) critical appraisal is the proce.docx
According to Gray et al, (2017) critical appraisal is the proce.docx
 
According to article Insecure Policing Under Racial Capitalism by.docx
According to article Insecure Policing Under Racial Capitalism by.docxAccording to article Insecure Policing Under Racial Capitalism by.docx
According to article Insecure Policing Under Racial Capitalism by.docx
 
Abstract In this experiment, examining the equivalence poi.docx
Abstract  In this experiment, examining the equivalence poi.docxAbstract  In this experiment, examining the equivalence poi.docx
Abstract In this experiment, examining the equivalence poi.docx
 
ACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docx
ACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docxACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docx
ACC 403- ASSIGNMENT 2 RUBRIC!!!Points 280Assignment 2 Audi.docx
 
ACC 601 Managerial Accounting Group Case 3 (160 points) .docx
ACC 601 Managerial Accounting Group Case 3 (160 points) .docxACC 601 Managerial Accounting Group Case 3 (160 points) .docx
ACC 601 Managerial Accounting Group Case 3 (160 points) .docx
 
Academic Integrity A Letter to My Students[1] Bill T.docx
Academic Integrity A Letter to My Students[1]  Bill T.docxAcademic Integrity A Letter to My Students[1]  Bill T.docx
Academic Integrity A Letter to My Students[1] Bill T.docx
 
Access the Center for Disease Control and Prevention’s (CDC’s) Nu.docx
Access the Center for Disease Control and Prevention’s (CDC’s) Nu.docxAccess the Center for Disease Control and Prevention’s (CDC’s) Nu.docx
Access the Center for Disease Control and Prevention’s (CDC’s) Nu.docx
 
According to DSM 5 This patient had very many symptoms that sugg.docx
According to DSM 5 This patient had very many symptoms that sugg.docxAccording to DSM 5 This patient had very many symptoms that sugg.docx
According to DSM 5 This patient had very many symptoms that sugg.docx
 
Acceptable concerts include professional orchestras, soloists, jazz,.docx
Acceptable concerts include professional orchestras, soloists, jazz,.docxAcceptable concerts include professional orchestras, soloists, jazz,.docx
Acceptable concerts include professional orchestras, soloists, jazz,.docx
 
ACA was passed in 2010, under the presidency of Barack Obama. Pr.docx
ACA was passed in 2010, under the presidency of Barack Obama. Pr.docxACA was passed in 2010, under the presidency of Barack Obama. Pr.docx
ACA was passed in 2010, under the presidency of Barack Obama. Pr.docx
 
Access the FASB website. Once you login, click the FASB Accounting S.docx
Access the FASB website. Once you login, click the FASB Accounting S.docxAccess the FASB website. Once you login, click the FASB Accounting S.docx
Access the FASB website. Once you login, click the FASB Accounting S.docx
 
Academic Paper  Overview  This performance task was intended to asse.docx
Academic Paper  Overview  This performance task was intended to asse.docxAcademic Paper  Overview  This performance task was intended to asse.docx
Academic Paper  Overview  This performance task was intended to asse.docx
 
Academic Research Team Project PaperCOVID-19 Open Research Datas.docx
Academic Research Team Project PaperCOVID-19 Open Research Datas.docxAcademic Research Team Project PaperCOVID-19 Open Research Datas.docx
Academic Research Team Project PaperCOVID-19 Open Research Datas.docx
 
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docxAbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
AbstractVoice over Internet Protocol (VoIP) is an advanced t.docx
 
Abstract                                 Structure of Abstra.docx
Abstract                                 Structure of Abstra.docxAbstract                                 Structure of Abstra.docx
Abstract                                 Structure of Abstra.docx
 

Recently uploaded

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 

Q 1-3 Chapter 1Q 4 Chapter 2Q 5-6 Chapter 3Q 7- 8 Ch.docx

  • 1. Q 1-3 Chapter 1 Q 4 Chapter 2 Q 5-6 Chapter 3 Q 7- 8 Chapter 4 Q 9-10 Chapter 5 Q 11-13 Chapter 6 Q 14 Chapter 7 Q 15 Chapter 8 Q 16 Chapter 9 Q 17-18 Chapter 10 Q 19 Chapter 11 Q 20 Chapter 13 Q 21-22 Chapter 14 Name________________________________________________ ______ 1) Briefly list two predominant reasons for the difficulty in defending against IT related attacks _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________ 2. List two of the larger cyber terrorism targets. Why are they targets and for what? _____________________________________________________ _____________________________________________________ _____________________________________________________
  • 2. _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________ 3. To justify your large IT budget, you quote to the CFO that what percentage of attacks often happen from within an organization:___________ 4. Phishing – malware or social engineering ? Why ? _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________ 5. List 3 good defenses against web application attacks? _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ ___ 6. What is a Denial of Service Attack, and what does an end user experience when one occurs ? _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________
  • 3. _____________________________________________________ _____________________________________________________ _________________ 7. What is a vulnerability scan ? _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________ 8. Your CFO asks what $10,000 for “Penetration Testing” is for. You say: _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _________________ 9. List two physical securities for devices (where large or small) _____________________________________________________ _____________________________________________________ _____________________________________________________ __________________________________________ 10. Of the 4 major ways to secure an OS, list two
  • 4. _____________________________________________________ _____________________________________________________ _____________________________________________________ __________________________________________ 11. In the principle behind setting up reverse proxy servers, what is hidden from the outside world and potential attack ? _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _________________ 12. What is a DMZ, and what is a good use of one? _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _________________ 13. VLAN, explain why a useful security tool. _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ _____________________________________________________ ___ 14. What is a good port security technique? _____________________________________________________ _____________________________________________________ _____________________________________________________
____

15. Wireless Access Point Security. How would you demonstrate to your leadership that you've made good attempts to secure access to them? List 2 methods.
____

16. What is the relationship between Active Directory and Group Policy in the Windows world?
____

17. Why would a hacker use a rainbow table?
____

18. Biometric authentication: foolproof, Y or N? Why?
____

19. Encryption of a hard disk is possible via what methods (hardware, software, or both)?
____

20. This is an IT Security class; what about Business Continuance is important?
____

21. Privileges: once set, they usually do not change. T or F? Why?
____
22. Acceptable Use Policy. It's usually part of a more comprehensive security policy. What is it used for?
____

22 questions @ 4.54 points apiece. Partial credit given.

Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 14: Risk Mitigation

Introduction
- Risk: the concept at the heart of information security
- Multifaceted approach to information security
- Control risk through different management techniques
- Develop a security policy
- User awareness and training
Controlling Risk
- Privilege: a subject's access level over an object, such as a file
- Privilege management: the process of assigning and revoking privileges to objects
- Privilege auditing: periodically reviewing a subject's privileges over an object
  - Objective: determine if the subject has the correct privileges

Controlling Risk (cont'd.)
- Change management: methodology for making modifications and keeping track of changes
  - Ensures proper documentation of changes so future changes have less chance of creating a vulnerability
  - Involves all types of changes to information systems
- Two major types of changes that need proper documentation
  - Changes to system architecture
  - Changes to file or document classification
Controlling Risk (cont'd.)
- Change management team (CMT): the body responsible for overseeing the changes
  - Composed of representatives from all areas of IT, network security, and upper management
  - Proposed changes must first be approved by the CMT
- Incident management: response to an unauthorized incident
  - Components required to identify, analyze, and contain an incident

MEDITECH Change Control

Reducing Risk Through Policies
- Security policy: another means of reducing risks
- Important considerations regarding security policies
  - Understanding what it is
  - Knowing how to balance trust and control
  - Understanding the process for designing a policy
  - Knowing what the different types of policies are

What Is a Security Policy?
- Document that outlines protections to ensure the organization's assets face minimal risks
- Higher-level definition: a set of management statements that define the organization's philosophy of how to safeguard information
- Lower-level definition: rules for computer access and how the rules are carried out

What Is a Security Policy? (cont'd.)
- Security policy functions
  - Documents management's overall intention and direction
  - Details specific risks and how to address them
  - Provides controls to direct employee behavior
  - Helps create a security-aware organizational culture
  - Helps ensure employee behavior is directed and monitored
Designing a Security Policy (cont'd.)
- Characteristics of a policy
  - Communicates a consensus of judgment
  - Defines appropriate user behavior
  - Identifies needed tools and procedures
  - Provides directives for Human Resource action in response to inappropriate behavior
  - Helps if necessary to prosecute violators
- Consult with outside experts

Figure 14-2 Security policy cycle (© Cengage Learning 2012)

Designing a Security Policy (cont'd.)
- Security policy design should be the work of a team
- Development team representatives
  - Senior-level administrator
  - Member of management who can enforce the policy
  - Member of the legal staff
  - Representative from the user community
- Team should first decide on policy goals and scope
  - Also how specific the policy should be: servers, endpoints, entry points...

Designing a Security Policy (cont'd.)
- Policy development guidelines
  - Notify users in advance of the development of, and reasons for, a new security policy
  - Provide affected users an opportunity to review and comment on the policy prior to deployment
  - Give users with responsibility the authority to carry out their responsibilities
Types of Security Policies (cont'd.)
- Acceptable use policy: policy that defines actions users may perform while accessing systems
  - Users include employees, vendors, contractors, and visitors
  - Typically covers all computer use
  - Generally considered the most important information security policy

Example

Types of Security Policies (cont'd.)
- Security-related human resource policy (cont'd.)
  - May include statements regarding due process and/or due diligence
  - May include statements regarding actions to be taken when an employee is terminated
- Password management and complexity policy
  - Addresses how passwords are created and managed
  - Reminds users of the differences between strong and weak passwords

Types of Security Policies (cont'd.)
- Disposal and destruction policy
  - Addresses disposal of confidential resources
  - Describes how to dispose of equipment, records, and data
- Classification of information policy
  - Designed to produce a standardized framework for classifying information assets
  - Generally involves creating classification categories
  - Example: high, medium, low

Types of Security Policies (cont'd.)
- An organization does not set an employee's values
  - It does set ethical behavior standards
- Ethics policy
  - Written code of conduct
  - Guides employees in decision making
  - Serves as a communication tool to reflect the organization's
    commitments

Awareness and Training
- Providing users with security awareness training is a key defense in information security
- Awareness and training topics
  - Compliance
  - Secure user practices
  - Awareness of threats

Threat Awareness
- Social networking: grouping individuals based on some sort of affiliation
  - Can be physical or online
- Web sites that facilitate social networking are called social networking sites (list here)
  - Increasingly becoming prime targets of attacks
- Reasons social networking sites are popular with attackers
  - Lots of personal data is available
Threat Awareness (cont'd.)
- Reasons social networking sites are popular with attackers (cont'd.)
  - Users are generally trusting
  - Sites are vulnerable
- Security tips for using social networking sites
  - Consider carefully who is accepted as a friend
  - Show limited friends a reduced version of your profile
  - Disable options and reopen only as necessary

Training Techniques
- Opportunities for security education and training
  - When a new employee is hired
  - After a computer attack has occurred
  - When an employee is promoted
  - During the annual department retreat
  - When new user software is installed
  - When user hardware is upgraded
Summary
- Security policies are often broken into subpolicies
  - Acceptable use policy
  - Privacy policy
  - Password management and complexity policy
  - Disposal and destruction policy
  - Classification of information policy
- Ongoing awareness training provides users with the knowledge and skills necessary to support information security

Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 10: Authentication and Account Management

Authentication Credentials
- Types of authentication credentials
  - What you have
    - Example: key fob to lock your car
  - What you are
    - Example: facial characteristics recognized by a health club attendant
  - What you know
    - Example: combination to a health club locker

What You Know: Passwords
- Passwords are the most common type of authentication today
- Passwords provide only weak protection
  - Users must remember passwords for many different accounts
  - Security policies mandate that passwords must expire
  - Create your own in corporate environments
  - Now require strong security
Attacks on Passwords
- Social engineering: phishing, shoulder surfing, dumpster diving
- Capturing: keylogger, protocol analyzer; man-in-the-middle and replay attacks
- Resetting: attacker gains physical access to the computer and resets the password
- Online guessing: not really practical

Attacks on Passwords (cont'd.)
- Offline cracking: the method used by most password attacks today
  - Attackers steal the file with encrypted passwords
  - Compare it with encrypted passwords they have created
- Offline cracking types
  - Brute force: every possible combination of letters, numbers, and characters is used to create encrypted passwords and matched against the stolen file
    - Slowest, most thorough method
Passwords Defense – Not So Much
- Common mutations: capitalizing the first letter of a word; checking all combinations of upper/lowercase for words; inserting a number randomly in the word; putting numbers on the ends of words; putting numbers at the beginning of words; putting the same pattern at both ends, like *foobar*; replacing letters like "o" and "l" with numbers like "0" and "1"; punctuating the end of words; duplicating the first letter, or all letters in the word; combining two words together; and putting punctuation or a space between the words.
- Source: Dark Reading, "How Hackers Will Crack Your Password" – Robert Graham

Figure 10-2 Dictionary attack (© Cengage Learning 2012)
Attacks on Passwords (cont'd.)
Attacks on Passwords (cont'd.)
- Hybrid attack: slightly alter dictionary words
  - Adding numbers to the end of the password
  - Spelling words backward
  - Slightly misspelling words
  - Including special characters
- Rainbow tables
  - Enable malicious hackers to break the encryption protecting password files
  - Large pre-generated data set of encrypted passwords
  - Essentially it is saved brute-force passwords
  - Program runs through the dictionary and creates a master list of hashes for comparison

Attacks on Passwords (cont'd.)
- Using the table to crack a password (cont'd.)
  - Repeat, starting with this initial password, until the original encryption is found
  - Password used at the last iteration is the cracked password
- Rainbow table advantages over other attack methods
  - Can be used repeatedly
  - Faster than dictionary attacks
  - Less machine memory needed
  - Requires hundreds of GB of space

Attacks on Passwords (cont'd.)
- Rainbow table

Password Defenses (cont'd.)
- Attack program method (cont'd.)
  - Combines common passwords with common suffixes
  - Uses 5,000 common dictionary words, 10,000 names, 100,000 comprehensive dictionary words
  - Uses lowercase, initial uppercase, all uppercase, and final character uppercase
  - Makes common substitutions for letters in the dictionary words
    - Examples: $ for s, @ for a
Password Defenses (cont'd.)
- General observations to create strong passwords
  - Do not use dictionary words or phonetic words
  - Do not use birthdays, family member or pet names, addresses, or any personal information
  - Do not repeat characters or use sequences
  - Do not use short passwords
  - Use combinations of letters, case, numbers, and symbols
  - Ideally a phrase or more than one word

Corporate Example

Password Defenses (cont'd.)
- Other guidelines
  - Use non-keyboard characters
    - Created by holding down the ALT key while typing a number on the numeric keypad
- Password supplements
  - Problem: managing numerous strong passwords is burdensome for users
  - One solution: rely on technology to store and manage passwords
  - Recall single sign-on solutions

Password Defenses (cont'd.)
- Managing passwords (cont'd.)
- Defenses against password file theft
  - Do not leave the computer unattended
  - Screensavers should be set to resume with a password – same as a cellphone
  - Password protect the ROM BIOS
    - Enter the BIOS configuration when starting the PC. Press the prompted key; often it's an F-key, Delete, or ESC. Navigate with the arrow keys, select with Enter, and back out with ESC. Different BIOS interfaces vary, but look for the security settings.

Password Defenses (cont'd.)
- Managing passwords (cont'd.)

Password Defenses (cont'd.)
- Good password management practices (cont'd.)
  - Physically lock the computer case so it cannot be opened
  - Never write a password down
  - Use unique passwords for each account
  - Set up a temporary password for another user's access
  - Do not allow the computer to automatically sign in to an account
  - Do not enter passwords on public access computers
  - Never enter a password while connected to an unencrypted wireless network

Windows Character Map
- From Start, type in "character map"
- Use these characters for additional security
Password Defenses (cont'd.)
- Password supplements (cont'd.)
  - Browsers contain a function that allows the user to save passwords
  - AutoComplete Password in IE: encrypted and stored in the Windows registry
- Disadvantages of password supplements
  - Password information is specific to one computer
  - Passwords are vulnerable if another user is allowed access to the computer

What You Have: Tokens and Cards
- Tokens: small devices or an app with a window display
  - Synched with an authentication server
  - Code is generated from an algorithm
  - Code changes every 30 to 60 seconds
What You Have: Tokens and Cards (cont'd.)
- User login steps with a token
  - User enters username and the code from the token
  - Authentication server looks up the algorithm associated with that user, generates its own code, and compares it to the user's code
  - If a match, the user is authenticated
- Advantages over passwords
  - Token code changes frequently
  - Attacker would have to crack the code within the time limit

Figure 10-5 Code generation and comparison (© Cengage Learning 2012)

What You Have: Tokens and Cards (cont'd.)
- Advantages over passwords (cont'd.)
  - User may not know if a password has been stolen
  - If a token is stolen, it becomes obvious
    - Steps could be taken to disable the account
- Token system variations
  - Some systems use the token code only
  - Others use the code in conjunction with a password
  - Some combine a PIN with the token code
  - Sharing token card

What You Have: Tokens and Cards (cont'd.)
- Cards
  - Smart card contains an integrated circuit chip that holds information
    - Contact pad allows electronic access to chip contents
  - Contactless cards require no physical access to the card
  - Common access card (CAC)
    - Issued by the US Department of Defense
    - Bar code, magnetic strip, and bearer's picture
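The token login steps on the slides above (a secret shared with the authentication server, a code derived from it that rolls over every 30 to 60 seconds, and a server that generates its own code and compares) worked as an added Python example; this is not code from the textbook or the slides. The RFC 4226/6238-style HMAC construction, the TokenAuthServer class, the one-window clock-drift allowance and the replay check are this example's own assumptions.

```python
"""Time-based token login, modelled on the slides' description: the token and
the authentication server share a secret, the token derives a short code from
that secret and the current time window, and the server regenerates the code
itself and compares. Constructed demo; server, users and replay check are
assumptions of this example, not part of the original slides."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time code (RFC 4226 construction) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based code: the counter is the number of `step`-second windows
    elapsed, so the displayed code changes every `step` seconds."""
    return hotp(secret, int(at_time) // step, digits)


class TokenAuthServer:
    """Server side of the login steps on the slides: look up the user's secret,
    generate its own code for the current window, and compare."""

    def __init__(self, step: int = 30, digits: int = 6, drift: int = 1):
        self.step, self.digits, self.drift = step, digits, drift
        self._secrets = {}        # username -> shared secret (in-memory demo store)
        self._last_counter = {}   # username -> highest window already accepted

    def enroll(self, username: str, secret: bytes) -> None:
        """Provision a token: the same secret goes to the device and the server."""
        self._secrets[username] = secret
        self._last_counter[username] = -1

    def verify(self, username: str, submitted_code: str, now=None) -> bool:
        """Accept the code only if the server's own code for the current window
        (or one window either side, to tolerate clock drift) matches, and only
        once per window, so a captured code cannot be replayed."""
        secret = self._secrets.get(username)
        if secret is None:
            return False
        now = time.time() if now is None else now
        counter = int(now) // self.step
        for candidate in range(counter - self.drift, counter + self.drift + 1):
            expected = hotp(secret, candidate, self.digits)
            if hmac.compare_digest(expected, submitted_code):
                if candidate <= self._last_counter[username]:
                    return False      # replay: this window was already used
                self._last_counter[username] = candidate
                return True
        return False                  # wrong code, or a code from an expired window


if __name__ == "__main__":
    # Constructed demo secret (the RFC 4226 test-vector secret), not a real key.
    secret = b"12345678901234567890"
    server = TokenAuthServer()
    server.enroll("alice", secret)
    t = 90                                     # fixed clock (window 3) so the run repeats
    code = totp(secret, t)                     # what alice's token displays this window
    print("code on token :", code)                                       # 969429
    print("first login   :", server.verify("alice", code, now=t))        # True
    print("replayed code :", server.verify("alice", code, now=t))        # False
    print("60 s later    :", server.verify("alice", code, now=t + 60))   # False: expired
```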
Figure 10-6 Smart card (© Cengage Learning 2012)

EMV Chip Cards
- EMV: Europay, Mastercard and Visa
- Global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions
- Every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again
- A stolen transaction number cannot be used again
- In March 2017, chip-enabled merchants saw a 58 percent drop in counterfeit fraud compared to a year earlier, according to Visa
- How they are made (link here)

What You Are: Biometrics
- Standard biometrics: uses a person's unique physical characteristics for authentication
  - Fingerprint scanners are the most common type
  - Face, hand, or eye characteristics are also used
- Fingerprint scanner types
  - Static fingerprint scanner
    - Takes a picture and compares it with the image on file
  - Dynamic fingerprint scanner
    - Uses a small slit or opening

Coming to Credit Cards

What You Are: Biometrics (cont'd.)
- Disadvantages of standard biometrics
  - Cost of hardware scanning devices
  - Readers have some amount of error
    - Reject authorized users – false positive
    - Accept unauthorized users – false negative
- Mobile Offender Recognition and Information System, or MORIS, is made by BI2 Technologies in Plymouth, Massachusetts
  - Police force use on iPhone/Android
What You Are: Biometrics (cont'd.)
- Behavioral biometrics: authenticates by the normal actions the user performs
  - Keystroke dynamics
    - Dwell time
    - Since WWII
  - Voice recognition
  - Computer footprinting: relies on typical access patterns
    - Geographic location
    - Time of day
    - Internet service provider
    - Basic PC configuration

What You Are: Biometrics (cont'd.)
- Cognitive biometrics: relates to the perception, thought process, and understanding of the user
  - Easier for the user to remember because it is based on the user's life experiences
  - Difficult for an attacker to imitate
  - Example: identifying specific faces
  - Example: user selects memorable lifetime events and is asked for details about them
  - Predicted to become a key element of authentication in the
    future

Windows Live ID
- Introduced in 1999 as .NET Passport
- Name changed to Microsoft Passport Network, then Windows Live ID (Live, Office Live, Xbox Live, MSN)
- Designed as an SSO for Web commerce
- Authentication process
  - User enters username and password
  - User is given a time-limited "global" cookie stored on the computer with an encrypted ID tag
  - ID tag sent to the Web site

OpenID
- Decentralized open source Federated Identity Management (FIM – networks owned by different sources)
- Does not require specific software to be installed on the desktop
- URL-based identity system
  - OpenID provides a means to prove a user owns the URL
- Authentication process
  - User goes to a free site and is given an OpenID account of
    Me.myopenID.com
- Not considered strong enough for most banking and e-commerce Web sites

Open Authorization (OAuth)
- Permits users to share resources stored on one site with a second site
  - Without forwarding authentication credentials
  - Allows seamless data sharing among sites
- Relies on token credentials
  - Replaces the need to transfer the user's username and password
  - Tokens are for specific resources on a site
  - For a limited time period
- Usage in healthcare

Account Management
- Managing user account passwords
  - Can be done by setting password rules
  - Too cumbersome to manage on a user-by-user basis
  - Security risk if one user setting is overlooked
  - Preferred approach: assign privileges by group
- Microsoft Windows group password settings
  - Password Policy Settings
  - Account Lockout Policy

Trusted Operating Systems
- Trusted operating system (trusted OS): an OS designed to be secure from the ground up
  - Can keep attackers from accessing critical parts of the system
  - Can prevent administrators from inadvertently making harmful changes
- Vendors developing trusted OSs
  - Focusing on securing OS components and other platform elements
  - One approach: compartmentalize services within the trusted OS for individual customers

Trusted Operating Systems (cont'd.)
- The OS will have been created, developed, designed, tested, and evaluated to be sure that we can trust what's happening inside of that operating system
- Based on something called an Evaluation Assurance Level
- Called Common Criteria for Information Technology Security
  Evaluation (CC)
  - This is an international standard
  - Achieve an Evaluation Assurance Level
  - The higher the EAL, the more secure a product might be
  - Range: EAL1 through EAL7
  - Average: 4
  - Months to years to certify
  - Tens to hundreds of thousands of dollars

Security+ Guide to Network Security Fundamentals, Fourth Edition
Chapter 6: Network Security

Security Through Network Devices
- Not all applications are designed or written with security in mind
  - The network must provide protection
- Networks with weak security invite attackers
- Aspects of building a secure network
  - Network devices
  - Network technologies
  - Design of the network itself
Standard Network Devices
- Security features found in network hardware provide a basic level of security
- Open Systems Interconnection (OSI) model
  - Network devices classified based on function
  - Standards released in 1978, revised in 1983, still used today
  - Illustrates:
    - How a network device prepares data for delivery
    - How data is handled once received

Table 6-1 OSI reference model
- Using the seven layers of the OSI model, we can explore more fully how data can be transferred between two networked computers
Standard Network Devices
- Hubs
  - Connect multiple Ethernet devices together to function as a single network segment
  - Ignorant of data source and destination
  - Rarely used today because of an inherent security vulnerability
- Switches
  - Can forward frames sent to that specific device or broadcast to all devices
  - Use the MAC address to identify devices
  - Provide better security than hubs

Figure 6-1 Port mirroring (© Cengage Learning 2012)

Standard Network Devices (cont'd.)
- Network administrator should be able to monitor network traffic
  - Helps identify and troubleshoot network problems
- Traffic monitoring methods
  - Port mirroring
  - Network tap (test access point)
  - Sniffer software
Sniffer Software

Switch Defenses
- Use a switch that can close ports with too many MAC addresses
- Configure the switch so that only one port can be assigned per MAC address
- Use an ARP detection appliance
- Secure the switch in a locked room
- Keep network connections secure by restricting physical access

Standard Network Devices
- Load balancers
  - Help evenly distribute work across a network
  - Allocate requests among multiple devices
  - Ex: port 80 for web HTTP
  - Laymance Apache Load Balancers
Load Balancing Security
- Security advantages of load balancing
  - Can stop attacks directed at a server or application
  - Can detect and prevent denial-of-service attacks
  - Some can deny attackers information about the network
    - Hide HTTP error pages
    - Remove server identification headers from HTTP responses

Removing Headers for Server Security
- Typically there are 3 response headers which many people want to remove for security reasons:
  - Server: specifies the web server version
  - X-Powered-By: indicates that the website is "powered by ASP.NET"
  - X-AspNet-Version: specifies the version of ASP.NET used
- Source: MSDN blogs
Firewalls
- Hardware-based network firewall inspects packets
  - Looks deeply into packets that carry HTTP traffic
    - Web browsers, FTP
  - Can block specific sites or specific known attacks
  - Can block XSS and SQL injection attacks

Proxy Servers and Reverse Proxy
- Proxy server: computer or application that intercepts and processes user requests
- Reverse proxy
  - Routes incoming requests to the correct server
  - Reverse proxy's IP address is visible to outside users
  - Internal server's IP address is hidden
  - Stronger security
  - Intercept malware
  - Hide client system's IP address
Figure 6-5 Configuring access to proxy servers (© Cengage Learning 2012)

Figure 6-6 Reverse proxy (© Cengage Learning 2012)
- Reverse proxy server: "I am now the user"

Network Security Hardware (cont'd.)
- Spam filters
  - Enterprise-wide spam filters block spam before it reaches the host
- Email systems use three protocols
  - Simple Mail Transfer Protocol (SMTP): handles outgoing mail
  - Post Office Protocol (POP): handles incoming mail
  - Internet Message Access Protocol (IMAP): handles reading email from many different devices

Network Security Hardware (cont'd.)
- Spam filters installed with the SMTP server
  - Filter configured to listen on port 25
  - Passes non-spam e-mail to the SMTP server listening on another port
  - Method prevents the SMTP server from notifying the spammer of failed message delivery
- Roll MS Outlook Junk Email Filter

Network Security Hardware (cont'd.)
- Virtual private network (VPN): uses an unsecured network as if it were secure
  - All data transmitted between the remote device and the network is encrypted
  - Hardware-based VPNs generally have better security
  - Software-based VPNs have more flexibility in managing network traffic
Network Security Hardware (cont'd.)
- Internet content filters
  - Monitor Internet traffic
  - Block access to preselected Web sites and files
  - Unapproved sites identified by URL or matching keywords

Network Security Hardware (cont'd.)
- Web security gateways
  - Can block malicious content in real time
  - Block content through application-level filtering
  - Examples of blocked Web traffic: ActiveX objects, adware, spyware, peer-to-peer file sharing, script exploits

Network Security Hardware (cont'd.)
- Network intrusion detection system (NIDS)
  - Watches for attacks on the network
  - NIDS sensors installed on firewalls and routers gather information and report back to a central device
  - Passive NIDS will sound an alarm
  - Active NIDS will sound an alarm and take action
    - Actions may include filtering out the intruder's IP address or terminating the TCP session

Network Security Hardware (cont'd.)
- Network intrusion prevention system (NIPS)
  - Similar to active NIDS
  - Monitors network traffic to immediately block a malicious attack

Demilitarized Zone (DMZ)
- Demilitarized Zone (DMZ): a separate network located outside the secure network perimeter
  - Untrusted outside users can access the DMZ but not the secure network
Figure 6-11 DMZ with one firewall (© Cengage Learning 2012)

Subnetting
- IP address may be split anywhere within its 32 bits
- Network can be divided into three parts
  - Network
  - Subnet
  - Host
- Each network can contain several subnets
- Each subnet can contain multiple hosts
- Improves network security by isolating groups of hosts
- Allows administrators to hide the internal network layout
  • 46. [Image: www.ccnapractice.org]
    Virtual LANs (VLAN)
      - Allow scattered users to be logically grouped together, even if attached to different switches
      - Can isolate sensitive data to VLAN members
      - Communication on a VLAN: if connected to same switch, switch handles packet transfer
      - Special “tagging” protocol used for communicating between switches
      - Use for internal and telecommuters
      - Wrap up video roll! https://www.youtube.com/watch?v=2hUUaG4o3DA
    Security+ Guide to Network Security Fundamentals, Fourth Edition: Chapter 9 Access Control Fundamentals
  • 47. What Is Access Control?
      - Granting or denying approval to use specific resources
      - Information system’s mechanism to allow or restrict access to data or devices
      - Four standard models
      - Specific practices used to enforce access control
    Access Control Terminology
      - Identification: presenting credentials (example: employee badge)
      - Authentication: checking the credentials (example: network log on)
      - Authorization: granting permission to take action (example: allowing access to applications)
      - Access: allow/limit to routines within the applications
  • 48. [Figure 9-1 Access control process and terminology © Cengage Learning 2012]
    Access Control Models
      - Four major access control models: Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role Based Access Control (RBAC), Rule Based Access Control (RBAC)
    Access Control Models (cont’d.)
      - Mandatory Access Control: most restrictive access control model
      - Typically found in military settings
      - Two elements: labels, levels
      - Example of MAC implementation: Windows 7/10 has four security levels
  • 49.
      - Specific actions by a subject with lower classification require administrator approval
    Access Control Models (cont’d.)
      - Discretionary Access Control (DAC): least restrictive model
      - Every object has an owner
      - Owners have total control over their objects
      - Owners can give permissions to other subjects over their objects
    [Figure 9-3 Discretionary Access Control (DAC) © Cengage Learning 2012]
  • 50. Access Control Models (cont’d.)
      - Discretionary Access Control (cont’d.): used on operating systems such as most types of UNIX and Microsoft Windows
      - DAC weaknesses: relies on decisions by end user to set proper security level
      - Incorrect permissions may be granted
      - Subject’s permissions will be “inherited” by any programs the subject executes
      - Trojans are a particular problem with DAC
    Access Control Models (cont’d.)
      - Role Based Access Control (RBAC): also called Non-discretionary Access Control
      - Access permissions are based on user’s job function
      - RBAC assigns permissions to particular roles in an organization; users are assigned to those roles
      - Rule Based Access Control (RBAC): dynamically assigns roles to subjects based on a set of rules defined by a custodian
  • 51. Access Control Models (cont’d.)
      - Rule Based Access Control (cont’d.): when user attempts access, system checks object’s rules to determine access permission
      - Often used for managing user access to one or more systems
      - Business/job changes may trigger application of the rules specifying access changes
      - Roll video here: Beaufort Memorial
    Best Practices for Access Control
      - Establishing best practices for limiting access can help secure systems and data
      - Examples of best practices: separation of duties, job rotation, least privilege, implicit deny, mandatory vacations
  • 52. Best Practices for Access Control (cont’d.)
      - Separation of duties: fraud can result from a single user being trusted with complete control of a process
      - Requiring two or more people to be responsible for functions related to handling money
      - System is not vulnerable to actions of a single person
      - Job rotation: individuals periodically moved between job responsibilities within or outside department
    Best Practices for Access Control (cont’d.)
      - Advantages of job rotation: limits amount of time individuals are in a position to manipulate security configurations
      - Helps expose potential avenues for fraud
      - Individuals have different perspectives and may uncover vulnerabilities
      - Reduces employee burnout
    Best Practices for Access Control (cont’d.)
      - Least privilege
  • 53.
      - Limiting access to information based on what is needed to perform a job function
      - Should apply to users and processes on the system
      - Processes should run at minimum security level needed to correctly function
    Best Practices for Access Control (cont’d.)
      - Implicit deny: if a condition is not explicitly met, access request is rejected
      - Example: network router rejects access to all except conditions matching the rule restrictions
      - Mandatory vacations: limits fraud, because perpetrator must be present daily to hide fraudulent actions
      - Audit of employee’s activities usually scheduled during vacation for sensitive positions
    Access Control Lists
      - Set of permissions attached to an object
      - Specifies which subjects may access the object and what operations they can perform
  • 54.
      - When subject requests to perform an operation: system checks ACL for an approved entry
      - ACLs viewed in relation to operating system files, network access
      - Example: Cisco access list video here, 0 – 4:19
    Access Control Lists (cont’d.)
      - Each entry in the ACL table is called an access control entry (ACE)
      - ACE structure (Windows): security identifier for the user or group account or logon session; access mask that specifies access rights controlled by the ACE; flag that indicates type of ACE; set of flags that determine whether objects can inherit permissions
    Group Policies
      - Microsoft Windows feature
  • 55.
      - Provides centralized management and configuration of computers and remote users using Active Directory (AD)
      - Usually used in enterprise environments
      - Settings stored in Group Policy Objects (GPOs)
    Group Policies
      - Microsoft Windows feature
    Account Restrictions Tips
      - Time of day restrictions: limits the time of day a user may log onto a system
      - Time blocks for permitted access are chosen
      - Can be set on individual systems
      - Account expiration
      - Orphaned accounts: accounts that remain active after an employee has left the organization
      - Dormant accounts: not accessed for a lengthy period of time
      - Both can be security risks
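Added example, not from the textbook or Cengage: a toy access check that ties together the ACL/ACE structure, implicit deny and the account restrictions (time-of-day, expiration, dormant accounts) covered in the slides above. The SIDs, access-mask bits, 90-day dormancy threshold and accounts are all constructed sample data, not real Windows constants or the real DACL evaluation code.

```python
"""Toy ACL evaluation modelled on the Access Control Lists and Account
Restrictions slides. Each ACE carries a security identifier, an access mask,
an allow/deny type and an inheritance flag; a request is granted only if every
requested right is explicitly allowed and no matching deny ACE exists
(implicit deny), and only if the account itself passes its restrictions.
All identifiers and mask values are constructed, not Windows' real ones."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed access-mask bits (not Windows' real constants).
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
DORMANT_AFTER = timedelta(days=90)   # assumption: 90 idle days = dormant


@dataclass
class ACE:
    sid: str                 # security identifier of a user or group
    mask: int                # access rights controlled by this ACE
    ace_type: str            # "allow" or "deny"
    inherit: bool = False    # may child objects inherit this ACE?


@dataclass
class Account:
    sid: str
    groups: frozenset
    expires: Optional[datetime] = None       # None = never expires
    last_logon: Optional[datetime] = None    # None = never logged on
    login_hours: Optional[tuple] = None      # (start_hour, end_hour), None = any time


def acl_allows(acl, account, wanted):
    """Deny ACEs matching the subject or its groups win over allow ACEs;
    rights that no allow ACE covers are rejected (implicit deny)."""
    subjects = {account.sid} | set(account.groups)
    for ace in acl:
        if ace.ace_type == "deny" and ace.sid in subjects and (ace.mask & wanted):
            return False
    granted = 0
    for ace in acl:
        if ace.ace_type == "allow" and ace.sid in subjects:
            granted |= ace.mask
    return (wanted & ~granted) == 0


def account_restrictions_ok(account, now):
    """Account expiration, dormancy and time-of-day checks from the slides."""
    if account.expires is not None and now >= account.expires:
        return False                      # expired (orphaned) account
    if account.last_logon is not None and now - account.last_logon > DORMANT_AFTER:
        return False                      # dormant account
    if account.login_hours is not None:
        start, end = account.login_hours
        if not start <= now.hour < end:
            return False                  # outside the permitted time block
    return True


def check_access(acl, account, wanted, now):
    return account_restrictions_ok(account, now) and acl_allows(acl, account, wanted)


# --- constructed sample data ---------------------------------------------------
NOW = datetime(2024, 3, 4, 10, 30)        # a Monday, 10:30
PAYROLL_ACL = [
    ACE("S-GROUP-FINANCE", READ | WRITE, "allow"),
    ACE("S-GROUP-INTERNS", WRITE, "deny"),          # deny wins even for Finance members
    ACE("S-GROUP-EVERYONE", READ, "allow", inherit=True),
]
ALICE = Account("S-USER-ALICE", frozenset({"S-GROUP-FINANCE", "S-GROUP-EVERYONE"}),
                login_hours=(8, 18), last_logon=NOW - timedelta(days=1))
BOB = Account("S-USER-BOB", frozenset({"S-GROUP-FINANCE", "S-GROUP-INTERNS", "S-GROUP-EVERYONE"}),
              last_logon=NOW - timedelta(days=2))
CAROL = Account("S-USER-CAROL", frozenset({"S-GROUP-EVERYONE"}), last_logon=NOW)
DAVE = Account("S-USER-DAVE", frozenset({"S-GROUP-FINANCE"}),           # left the company
               expires=datetime(2024, 1, 31), last_logon=datetime(2024, 1, 30))
ERIN = Account("S-USER-ERIN", frozenset({"S-GROUP-FINANCE"}), last_logon=NOW - timedelta(days=200))


def demo():
    """Evaluate the sample requests; returns a name -> decision dict."""
    return {
        "alice_write": check_access(PAYROLL_ACL, ALICE, WRITE, NOW),                    # True
        "alice_write_at_night": check_access(PAYROLL_ACL, ALICE, WRITE, NOW.replace(hour=23)),  # False
        "bob_write": check_access(PAYROLL_ACL, BOB, WRITE, NOW),        # False: deny ACE for interns
        "bob_read": check_access(PAYROLL_ACL, BOB, READ, NOW),          # True
        "carol_read": check_access(PAYROLL_ACL, CAROL, READ, NOW),      # True
        "carol_execute": check_access(PAYROLL_ACL, CAROL, EXECUTE, NOW),  # False: implicit deny
        "dave_read": check_access(PAYROLL_ACL, DAVE, READ, NOW),        # False: expired account
        "erin_read": check_access(PAYROLL_ACL, ERIN, READ, NOW),        # False: dormant account
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22} -> {'ALLOW' if decision else 'DENY'}")
```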
  • 56. [Figure 9-6 Wireless access point restrictions © Cengage Learning 2012]
    Account Restrictions (cont’d.)
      - Password expiration sets a time when user must create a new password
      - Different from account expiration
      - Account expiration can be a set date, or a number of days of inactivity
    Authentication Services
      - Authentication: process of verifying credentials
  • 57.
      - Authentication services provided on a network: dedicated authentication server, or AAA server if it also performs authorization and accounting
      - Common types of authentication and AAA servers: Kerberos, RADIUS, TACACS, LDAP
    [Figure 9-7 RADIUS authentication © Cengage Learning 2012]
    Kerberos
      - Authentication system developed at MIT
      - Uses encryption and authentication for security
      - Most often used in educational and government settings
      - Works like using a driver’s license to cash a check
      - Kerberos ticket: contains information linking it to the user
      - User presents ticket to network for a service
      - Difficult to copy
      - Expires after a few hours or a day
  • 58. Kerberos (diagram)
    Terminal Access Controller Access Control System (TACACS)
      - Authentication service similar to RADIUS
      - Developed by Cisco Systems
      - Commonly used on UNIX devices
      - Communicates by forwarding user authentication information to a centralized server
    Lightweight Directory Access Protocol (LDAP)
      - Directory service: database stored on a network
      - Contains information about users and network devices
      - Keeps track of network resources and user’s privileges to those resources
  • 59.
      - Grants or denies access based on its information
      - Standard for directory services: X.500
    LDAP
      - X.500 standard defines protocol for client application to access the DAP
      - LDAP: a simpler subset of DAP
      - Designed to run over TCP/IP
      - Has simpler functions
      - Encodes protocol elements in simpler way than X.500
      - An open protocol
    [LDAP image: QNAP Tutorials]
  • 60. Security+ Guide to Network Security Fundamentals, Fourth Edition: Chapter 13 Business Continuity
    What Is Business Continuity?
      - Organization’s ability to maintain operations after a disruptive event
      - Examples of disruptive events: power outage, hurricane, tornado, security breach
      - Business continuity planning and testing steps: identify exposure to threats; create preventative and recovery procedures; test procedures to determine if they are sufficient
    What Is Business Continuity? (cont’d.)
      - Succession planning
  • 61.
      - Determining in advance who is authorized to take over if key employees die or are incapacitated
      - Business impact analysis (BIA): analyzes most important business functions and quantifies impact of their loss
      - Identifies threats through risk assessment
      - Determines impact if threats are realized
      - Pathway to continue = ?
    What Is Business Continuity? (diagram)
    Disaster Recovery
      - Subset of business continuity planning and testing
      - Also known as contingency planning
      - Focuses on protecting and restoring information technology functions
      - Mean time to restore (MTTR): measures average time needed to re-establish services
      - Disaster recovery activities: create, implement, and test disaster recovery plans
  • 62. Disaster Recovery Plan
      - Written document detailing process for restoring IT resources following a disruptive event
      - Comprehensive in scope
      - Updated regularly
      - Example of disaster planning approach: define different risk levels for organization’s operations based on disaster severity; definition of recovery team and their responsibilities; outline of emergency procedures; detailed restoration procedures
    Disaster Recovery Planning and Documentation
  • 63. Redundancy and Fault Tolerance
      - Single point of failure: component or entity which will disable the entire system if it no longer functions
      - Remove single point of failure: primary mechanism to ensure business continuity
      - Results in high availability, expressed as a percentage uptime in a year
    Redundancy and Fault Tolerance (cont’d.)
      - Redundancy and fault tolerance: way to address single point of failure; building excess capacity to protect against failures
      - Redundancy planning applies to servers, storage, networks, power, sites
      - Servers play a key role in network infrastructure; failure can have significant business impact
  • 64. Asymmetric vs Symmetric Servers
      - Asymmetric servers perform no function except to be ready if needed
      - Used for databases, messaging systems, file and print services
      - All servers do useful work in a symmetric server cluster
      - If one server fails, remaining servers take on failed server’s work
      - More cost effective than asymmetric clusters
      - Used for Web, media, and VPN servers
    Redundancy and Fault Tolerance (cont’d.)
      - Redundant Array of Independent Devices (RAID): uses multiple hard disk drives to increase reliability and performance
      - Can be implemented through software or hardware
      - Several levels of RAID exist: RAID Level 0, RAID Level 1, RAID Level 5, RAID Level 0+1 (best for databases, $)
  • 65. Redundancy and Fault Tolerance (cont’d.)
      - Cloud backup and local storage are better together
      - Backup advocates tend to promote a strategy called “3-2-1.” The essentials of this strategy are simple and intuitive: keep at least three copies of your data; maintain copies on at least two different mediums (i.e., drives and cloud); keep at least one copy offsite
    Redundancy and Fault Tolerance (cont’d.)
      - Redundant networks: hardware components are duplicated
      - Some organizations contract with a second Internet service provider as a backup
      - Uninterruptible power supply (UPS): maintains power to equipment in the event of an interruption in primary electrical power source
      - Offline UPS/generator: begins supplying power quickly when primary power is interrupted; switches back to standby mode when primary power is restored
  • 66. Redundancy and Fault Tolerance (cont’d.)
      - Sites: backup sites may be necessary if flood, hurricane, or other major disaster damages buildings
      - Three types of redundant sites: hot, cold, and warm
    Data Backups (cont’d.)
      - Backup software can internally designate which files have already been backed up
      - Archive bit set to 0 in file properties
      - If file contents change, archive bit is changed to 1
      - Types of backups: full backup, differential backup, incremental backup
    Environmental Controls
      - Methods to prevent disruption through environmental controls: fire suppression, proper shielding, configuring HVAC systems
  • 67. [Image: Northwest Fire Prevention Services Inc.]
    Electromagnetic Interference (EMI) Shielding
      - Attackers could pick up electromagnetic fields and read data
      - Faraday cage: metal enclosure that prevents entry or escape of electromagnetic fields
    HVAC
      - Data centers have special cooling requirements
      - More cooling necessary due to large number of systems generating heat in confined area
      - Precise cooling needed
      - Heating, ventilating, and air conditioning (HVAC) systems maintain temperature and relative humidity at required levels
      - Controlling environmental factors can reduce electrostatic discharge
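Added example, not from the textbook or any backup product, for the Data Backups slide above: a simulation of the archive bit and how full, incremental and differential backups treat it, plus what each strategy costs at restore time. The file set and the week's change schedule are constructed.

```python
"""Archive-bit model of the three backup types from the Data Backups slide.
Full: copies every file and clears the archive bit.
Incremental: copies files whose archive bit is 1, then clears it.
Differential: copies the same files but leaves the bit set, so each
differential contains everything changed since the last full backup.
Constructed file set; not any vendor's backup logic."""


class FileSystem:
    """Each file has contents and an archive bit (1 = changed since the last
    backup that cleared it)."""

    def __init__(self, files):
        self.files = {name: {"data": data, "archive": 1} for name, data in files.items()}

    def write(self, name, data):
        self.files[name] = {"data": data, "archive": 1}   # any change sets the bit

    def flagged(self):
        return sorted(n for n, f in self.files.items() if f["archive"] == 1)

    def clear_bits(self, names):
        for n in names:
            self.files[n]["archive"] = 0


def full_backup(fs):
    copied = sorted(fs.files)
    fs.clear_bits(copied)
    return copied


def incremental_backup(fs):
    copied = fs.flagged()
    fs.clear_bits(copied)          # the next incremental sees only newer changes
    return copied


def differential_backup(fs):
    return fs.flagged()            # bit left set: accumulates until the next full


BACKUP = {"incremental": incremental_backup, "differential": differential_backup}


def simulate_week(strategy):
    """Monday full backup, then daily changes backed up with the given strategy.
    Returns the list of (kind, files copied) backup sets."""
    fs = FileSystem({"a.txt": "v1", "b.txt": "v1", "c.txt": "v1"})
    sets = [("full", full_backup(fs))]
    fs.write("a.txt", "v2")                        # Tuesday: a.txt edited
    sets.append((strategy, BACKUP[strategy](fs)))
    fs.write("b.txt", "v2")                        # Wednesday: b.txt edited
    sets.append((strategy, BACKUP[strategy](fs)))
    fs.write("a.txt", "v3")                        # Thursday: a.txt edited again
    sets.append((strategy, BACKUP[strategy](fs)))
    return sets


def sets_needed_to_restore(sets):
    """A differential chain restores from the full set plus only the latest
    differential; an incremental chain needs the full set plus every
    incremental taken since it."""
    full, rest = sets[0], sets[1:]
    if rest and all(kind == "differential" for kind, _ in rest):
        return [full, rest[-1]]
    return [full] + rest


def file_copies(sets):
    """Total file copies made over the week (a proxy for backup window size)."""
    return sum(len(files) for _, files in sets)


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        sets = simulate_week(strategy)
        print(strategy, sets)
        print("  restore needs", len(sets_needed_to_restore(sets)), "sets;",
              file_copies(sets), "file copies made during the week")
```

The trade-off the slide leaves implicit shows up in the numbers: incremental copies less each night but needs the whole chain to restore, differential copies more but restores from two sets.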
  • 68. What Is Forensics?
      - Applying science to legal questions
      - Analyzing evidence
      - Computer forensics: uses technology to search for computer evidence of a crime
      - Reasons for importance of computer forensics: amount of digital evidence; increased scrutiny by the legal profession; higher level of computer skill by criminals
    Basic Forensics Procedures
      - Four basic steps are followed: secure the crime scene; collect the evidence; establish a chain of custody; examine for evidence
      - Secure the crime scene: goal is to preserve the evidence
      - Damage control steps taken to minimize loss of evidence
  • 69. Basic Forensics Procedures (cont’d.)
      - Secure the crime scene (cont’d.): first responders contacted; physical surroundings documented; photographs taken before anything is touched; computer cables labeled; team takes custody of entire computer; team interviews witnesses
    Basic Forensics Procedures (cont’d.)
      - Preserve the evidence: digital evidence is very fragile; can be easily altered or destroyed
      - Computer forensics team captures volatile data (examples: contents of RAM, current network connections)
      - Order of volatility must be followed to preserve most fragile data first
      - Capture entire system image: mirror image backup of the hard drive; meets evidence standards
  • 70. Basic Forensics Procedures (cont’d.)
      - Establish the chain of custody: evidence maintained under strict control at all times; no unauthorized person given opportunity to corrupt the evidence
      - Examine for evidence: computer forensics expert searches documents
      - Windows page files can provide valuable investigative leads
      - Slack and metadata are additional sources of hidden data here
    Forensics & Security
      - Phishing attack: forensic processes can be used to establish facts such as who clicked on the link, who was successfully phished/compromised, and what information was actually accessed or taken
      - Stolen corporate intellectual property: forensics helps establish a specific timeline and sequence of events that can be used by law enforcement to investigate or prosecute the attacker
  • 71. Security+ Guide to Network Security Fundamentals, Fourth Edition: Chapter 4 Vulnerability Assessment and Mitigating Attacks
    Vulnerability Assessment
      - Systematic evaluation of asset exposure: attackers, forces of nature, any potentially harmful entity
      - Aspects of vulnerability assessment: asset identification, threat evaluation, vulnerability appraisal, risk assessment, risk mitigation
  • 72. Vulnerability Assessment (cont’d.)
      - Asset identification: process of inventorying items with economic value
      - Common assets: people, physical assets, data, hardware, software
    [Table 4-1 Common threat agents]
    Education = identifying attack trees
      - Attack tree example
  • 73. [Vulnerability impact scale]
    [Table 4-3 Risk identification steps]
    Assessment Techniques
      - Baseline reporting: baseline is a standard for solid security
      - Compare present state to baseline
      - Note, evaluate, and possibly address differences
    Assessment Techniques
  • 74.
      - Application development techniques: minimize vulnerabilities during software development
      - Challenges to approach: software application size and complexity; lack of security specifications; future attack techniques unknown
    Assessment Techniques (cont’d.)
      - Software development assessment techniques: review architectural design in requirements phase; conduct design reviews; consider including a security consultant; conduct code review during implementation phase; examine attack surface (code executed by users); correct bugs during verification phase; create and distribute security updates as necessary
  • 75. [Software development process: Assessment of Risk During Build]
    Commonly used default network ports
      - Knowledge of what port is being used can be used by attacker to target specific service
      - Port scanner software: searches system for port vulnerabilities
      - Firewall protection
  • 76. Assessment Tools (cont’d.)
      - Protocol analyzers: hardware or software that captures packets to decode and analyze contents
      - Also known as sniffers
      - Common uses for protocol analyzers: used by network administrators for troubleshooting; characterizing network traffic; security analysis
      - Attacker can use protocol analyzer to display content of each transmitted packet
    [Figure 4-5 Protocol analyzer © Cengage Learning 2012]
  • 77. Vulnerability Scan
      - Alert when new systems added to network
      - Detect when internal system begins to port scan other systems
      - Maintain a log of all interactive network sessions
      - Track all client and server application vulnerabilities
      - Track which systems communicate with other internal systems
    Honeypots and Honeynets
      - Honeypot: computer protected by minimal security; intentionally configured with vulnerabilities; contains bogus data files
      - Goal: trick attackers into revealing their techniques
      - Honeynet: network set up with one or more honeypots
    [Image: College of St. Elizabeth]
    Vulnerability Scanning vs. Penetration Testing
      - Vulnerability scan
  • 78.
      - Automated software searches a system for known security weaknesses
      - Creates report of potential exposures
      - Should be conducted on existing systems and as new technology is deployed
      - Usually performed from inside security perimeter
      - Does not interfere with normal network operations
    Vulnerability Scanners
    Penetration Testing
      - Designed to exploit system weaknesses
      - Relies on tester’s skill, knowledge, cunning
      - Usually conducted by independent contractor
      - Tests usually conducted outside the security perimeter
      - May even disrupt network operations
      - End result: penetration test report
  • 79. Penetration Testing (cont’d.)
      - Black box test: tester has no prior knowledge of network infrastructure
      - White box test: tester has in-depth knowledge of network and systems being tested
      - Gray box test: some limited information has been provided to the tester
      - Roll Video
    Mitigating and Deterring Attacks
      - Standard techniques for mitigating and deterring attacks: creating a security posture; configuring controls; hardening; reporting
  • 80. Mitigating and Deterring Attacks
      - Configuring controls: physical and software
      - Hardening: protecting accounts with passwords; disabling unnecessary accounts; disabling unnecessary services; protecting management interfaces and applications
      - Reporting
    Reporting
      - Providing information regarding events that occur
      - Alarms or alerts
      - Reporting can provide information on trends
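Added example, not from the textbook or Cengage, for the baseline reporting and Vulnerability Scan slides in this chapter: compare a present-state snapshot against a baseline and note the differences (new host, unapproved open port, expected service down), and flag an internal host that starts contacting many other internal systems. The baseline, snapshot and flow records are constructed stand-ins for an inventory or port-scan tool's output.

```python
"""Baseline reporting and two vulnerability-scan checks from the slides,
run over constructed data. Nothing here probes a real network; it compares
records that a scanner or inventory tool would already have produced."""
from collections import defaultdict

# Constructed baseline: host -> approved listening ports.
BASELINE = {
    "10.0.1.10": {22, 443},
    "10.0.1.11": {22, 3306},
    "10.0.1.12": {22},
}

# Constructed "present state" from a later scan.
CURRENT = {
    "10.0.1.10": {22, 443, 8080},   # a service appeared that the baseline does not approve
    "10.0.1.11": {22, 3306},
    "10.0.1.12": set(),             # SSH no longer listening: expected service down
    "10.0.1.99": {445},             # host that is not in the baseline at all
}

# Constructed session log: (source, destination, destination port).
FLOWS = [
    ("10.0.1.10", "10.0.1.11", 3306), ("10.0.1.10", "10.0.1.11", 3306),
    ("10.0.1.99", "10.0.1.10", 22), ("10.0.1.99", "10.0.1.11", 22),
    ("10.0.1.99", "10.0.1.12", 22), ("10.0.1.99", "10.0.1.10", 445),
]


def compare_to_baseline(baseline, current):
    """Note every difference between the baseline and the present state.
    Returns (finding_kind, host, detail) tuples in a stable order so two
    reports can themselves be compared."""
    findings = []
    for host in sorted(set(current) - set(baseline)):
        findings.append(("new_host", host, sorted(current[host])))
    for host in sorted(set(baseline) - set(current)):
        findings.append(("missing_host", host, sorted(baseline[host])))
    for host in sorted(set(baseline) & set(current)):
        opened = sorted(current[host] - baseline[host])
        closed = sorted(baseline[host] - current[host])
        if opened:
            findings.append(("unapproved_port", host, opened))
        if closed:
            findings.append(("expected_port_down", host, closed))
    return findings


def internal_scanners(flows, threshold=3):
    """Sources that contacted at least `threshold` distinct internal hosts:
    the slide's 'internal system begins to port scan other systems' signal.
    The threshold is an assumption to tune per network."""
    targets = defaultdict(set)
    for src, dst, _port in flows:
        targets[src].add(dst)
    return sorted(src for src, dsts in targets.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    for kind, host, detail in compare_to_baseline(BASELINE, CURRENT):
        print(f"{kind:20} {host:12} {detail}")
    print("possible internal scanners:", internal_scanners(FLOWS))
```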
  • 81. Security+ Guide to Network Security Fundamentals, Fourth Edition: Chapter 11 Basic Cryptography
    Defining Cryptography
      - What is cryptography? Scrambling information so it appears unreadable to attackers
      - Transforms information into secure form
      - Steganography: hides the existence of data
      - Image, audio, or video files containing hidden message embedded in the file
      - Achieved by dividing data and hiding in unused portions of the file
  • 82. [Figure 11-1 Data hidden by steganography © Cengage Learning 2012]
    [Cryptography Process]
    Cryptographic Algorithms
      - Three categories of cryptographic algorithms: hash algorithms, symmetric encryption algorithms, asymmetric encryption algorithms
      - Hash algorithms: most basic type of cryptographic algorithm
      - Process for creating a unique digital fingerprint for a set of data
      - Contents cannot be used to reveal original data set
      - Primarily used for comparison purposes
  • 83. Cryptographic Algorithms (cont’d.)
      - Example of hashing (ATMs): bank customer has PIN of 93542
      - Number is hashed and result stored on card’s magnetic stripe
      - User inserts card in ATM and enters PIN
      - ATM hashes the PIN using the same algorithm that was used to store PIN on the card
      - If two values match, user may access ATM
    [Defeating “Man in the Middle”]
    Cryptographic Algorithms (cont’d.)
      - Most common hash algorithms: Message Digest, Secure Hash Algorithm, Whirlpool, RIPEMD, password hashes
  • 84. Cryptographic Algorithms (cont’d.)
      - Message Digest (MD): three versions
      - Message Digest 2: takes plaintext of any length and creates 128-bit hash; padding added to make short messages 128 bits; considered too slow today and rarely used
      - Message Digest 4: has flaws and was not widely accepted
    Cryptographic Algorithms (cont’d.)
      - Message Digest 5: designed to address MD4’s weaknesses
      - Message length padded to 512 bits
      - Weaknesses in compression function could lead to collisions
      - Some security experts recommend using a more secure hash algorithm
      - Secure Hash Algorithm (SHA)
  • 85.
      - More secure than MD
      - No weaknesses identified
      - Example of HIT certification requirement
    Cryptographic Algorithms (cont’d.)
      - Whirlpool: recent cryptographic hash; adopted by standards organizations; creates hash of 512 bits
      - RACE Integrity Primitives Evaluation Message Digest (RIPEMD): two different and parallel chains of computation; results are combined at end of process
    Cryptographic Algorithms (cont’d.)
      - Password hashes: used by Microsoft Windows operating systems; LAN Manager hash; New Technology LAN Manager (NTLM) hash
      - Linux and Apple Mac strengthen password hashes by including random bit sequences
  • 86.
      - Known as a salt; makes password attacks more difficult
    Symmetric Cryptographic Algorithms
      - Original cryptographic algorithms: stream, monoalphabetic substitution, transposition, combine (cipher with plain text); all fairly simple to crack
      - OTP (one-time pad): fairly secure if not reused
      - Block cipher: 8–16 bytes encrypted independently
      - All cycle intensive
    Symmetric Cryptographic Algorithms
      - Data Encryption Standard; Triple Data Encryption Standard; Advanced Encryption Standard; several other algorithms
      - Understanding symmetric algorithms: same shared single key used to encrypt and decrypt document
  • 87. Symmetric Cryptographic Algorithms
      - Data Encryption Standard (DES): based on product originally designed in early 1970s; adopted as a standard by the U.S. government
      - Triple Data Encryption Standard (3DES): designed to replace DES; uses three rounds of encryption
      - Ciphertext of first round becomes input for second iteration
      - Most secure versions use different keys for each round
    [Figure 11-11 3DES © Cengage Learning 2012]
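Added example, not from the textbook or Cengage, for the ATM hashing example and the Password hashes slide above: the card-stripe comparison done with a plain hash, then the same check done with a random salt as the slide describes for Linux and macOS. It uses Python's hashlib (SHA-256 and PBKDF2-HMAC); the PIN 93542 is the slide's own value, the iteration count and record layout are assumptions.

```python
"""Hash-and-compare from the ATM slide, then salted password hashing.
The unsalted version shows the problem a salt fixes: every customer with the
same PIN gets the same stored hash. Record format is constructed, not any
real /etc/shadow layout."""
import hashlib
import hmac
import os

ITERATIONS = 100_000    # assumption; real systems tune this to their hardware


def unsalted_hash(secret: str) -> str:
    """Plain SHA-256, as in the card-stripe example: same PIN -> same hash."""
    return hashlib.sha256(secret.encode()).hexdigest()


def atm_pin_matches(stored_hash: str, entered_pin: str) -> bool:
    """The ATM hashes the entered PIN with the same algorithm and compares.
    compare_digest keeps the comparison time independent of where the
    first differing byte is."""
    return hmac.compare_digest(stored_hash, unsalted_hash(entered_pin))


def salted_record(secret: str, salt: bytes = None) -> dict:
    """Store salt, iteration count and PBKDF2-HMAC-SHA256 hash together;
    the verifier needs all three to recompute the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def salted_verify(secret: str, record: dict) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def equal_pins_collide_unsalted(pin: str) -> bool:
    """Two cards holding the same PIN carry identical unsalted hashes, so a
    leaked table reveals who shares a PIN and one precomputed table of
    hashes covers every record at once."""
    return unsalted_hash(pin) == unsalted_hash(pin)


def equal_pins_differ_salted(pin: str) -> bool:
    """With a fresh random salt per record the same PIN yields unrelated
    stored hashes, so precomputation has to be redone per salt."""
    return salted_record(pin)["hash"] != salted_record(pin)["hash"]


if __name__ == "__main__":
    card = unsalted_hash("93542")            # hashed PIN written to the card
    print("correct PIN accepted:", atm_pin_matches(card, "93542"))
    print("wrong PIN rejected:  ", not atm_pin_matches(card, "93541"))
    print("same PIN, same unsalted hash:", equal_pins_collide_unsalted("93542"))
    print("same PIN, different salted hash:", equal_pins_differ_salted("93542"))
    rec = salted_record("93542")
    print("salted record:", rec)
    print("salted verify (right, wrong):", salted_verify("93542", rec), salted_verify("93541", rec))
```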
  • 88. Symmetric Cryptographic Algorithms (cont’d.)
      - Advanced Encryption Standard (AES): symmetric cipher approved by NIST in 2000 as replacement for DES
      - Official encryption standard used by the U.S. government
      - Performs three steps on every block of plaintext
      - Designed to be secure well into the future
      - Adopted as a certification requirement for HIT in 2008
    Other Algorithms
      - Rivest Cipher (RC): family of cipher algorithms designed by Ron Rivest
      - International Data Encryption Algorithm (IDEA): used in European nations; block cipher processing 64 bits with a 128-bit key with 8 rounds
      - Blowfish: block cipher operating on 64-bit blocks with key lengths from 32–448 bits; no significant weaknesses have been identified
    Asymmetric Cryptographic Algorithms
  • 89.
      - Weakness of symmetric algorithms: distributing and maintaining a secure single key among multiple users distributed geographically
      - Asymmetric cryptographic algorithms: also known as public key cryptography
      - Uses two mathematically related keys
      - Public key available to everyone and freely distributed
      - Private key known only to individual to whom it belongs
    Asymmetric Cryptographic Algorithms (cont’d.)
      - Important principles: key pairs; public key; private key; both directions
      - Digital signature: verifies the sender; prevents sender from disowning the message; proves message integrity
  • 90. [Figure 11-13 Digital signature © Cengage Learning 2012]
    Asymmetric Cryptographic Algorithms (cont’d.)
      - RSA: published in 1977 and patented by MIT in 1983
      - Most common asymmetric cryptography algorithm
      - Uses two large prime numbers
      - Elliptic curve cryptography (ECC): users share one elliptic curve and one point on the curve
      - Uses less computing power than prime number-based asymmetric cryptography
      - Key sizes are smaller
    Asymmetric Cryptographic Algorithms
      - Quantum cryptography: exploits the properties of microscopic objects such as photons
      - Does not depend on difficult mathematical problems
      - Any interruption is noticed (see video here)
      - NTRUEncrypt: new, only been in existence since 1996
      - Uses lattice-based cryptography
  • 91.
      - Relies on a set of points in space
      - Faster than RSA and ECC
      - More resistant to quantum computing attacks
      - Still being vetted
    Using Cryptography
      - Cryptography should be used to secure data that needs to be protected
      - Can be applied through either software or hardware
    Encryption Through Software
      - File and file system cryptography: encryption software can be applied to one or many files
      - Protecting groups of files: based on operating system’s file system
      - Pretty Good Privacy (PGP): widely used asymmetric cryptography system; used for files and e-mails on Windows systems
      - GNU Privacy Guard (GPG): runs on Windows, UNIX, and Linux
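Added example, not from the textbook or Cengage, for the digital signature and RSA slides above: textbook RSA with Python integers, showing the three signature properties the slide lists (verifies the sender, sender cannot disown it, proves integrity) and the "both directions" use of the same key pair. The primes are small Mersenne primes chosen only so the toy runs instantly, the digest is reduced mod n because the toy modulus is shorter than SHA-256, and no padding scheme is applied; real RSA uses 2048-bit or larger random primes with PKCS#1 padding.

```python
"""Toy RSA signature: hash the message, sign the hash with the private key,
verify with the public key (the flow of Figure 11-13). Constructed keys;
not a secure implementation and not the textbook's code."""
import hashlib
from math import gcd

# Constructed toy primes 2^127 - 1 and 2^89 - 1 (Mersenne primes); n is ~216 bits.
P = (1 << 127) - 1
Q = (1 << 89) - 1
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key), each as an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # private exponent (Python 3.8+)
    return (e, n), (d, n)


def message_digest(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n. Reducing mod n is a toy
    shortcut: real schemes pad the full digest to the modulus size instead."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Only the private-key holder can compute this, which is what lets the
    verifier attribute the message to the sender and stops the sender denying it."""
    d, n = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recomputes the digest and checks it against
    the signature; any change to the message breaks the match (integrity)."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(message, n)


def encrypt(m: int, public_key) -> int:
    """'Both directions': encrypt to the key owner with the public key..."""
    e, n = public_key
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    """...and only the private key recovers it."""
    d, n = private_key
    return pow(c, d, n)


def demo():
    alice_pub, alice_priv = generate_keypair()
    # A second, unrelated key pair (2^107 - 1 and 2^61 - 1) for the impostor case.
    _mallory_pub, mallory_priv = generate_keypair((1 << 107) - 1, (1 << 61) - 1)
    msg = b"Pay Bob $100"
    sig = sign(msg, alice_priv)
    return {
        "genuine": verify(msg, sig, alice_pub),                          # True
        "tampered": verify(b"Pay Bob $1000", sig, alice_pub),            # False: integrity
        "impostor": verify(msg, sign(msg, mallory_priv), alice_pub),     # False: wrong signer
        "roundtrip": decrypt(encrypt(123456789, alice_pub), alice_priv) == 123456789,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10} {ok}")
```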
  • 92. Encryption Through Software (cont’d.)
    - PGP and GPG use both asymmetric and symmetric cryptography
  Microsoft Windows Encrypting File System (EFS)
    - Cryptography system for Windows
    - Uses the NTFS file system
    - Tightly integrated with the file system
    - Encryption and decryption are transparent to the user
    - Users can set the encryption attribute for a file in the Advanced Attributes dialog box
  Encryption Through Software (cont’d.)
  Whole disk encryption
    - Protects all data on a hard drive
    - Example: BitLocker drive encryption software
    - Not perfect, but one more step
  Video here: https://www.youtube.com/watch?v=Tr5SgShepME
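  The digital-signature principle from the asymmetric cryptography slides above (sign with the private key, verify with the public key, detect any change to the message), worked through as an added example that is not part of the course slides. It is textbook RSA over a SHA-256 digest using two constructed primes; the key names, the `demo()` function and the messages are assumptions for illustration, and a production system would use a vetted library with PSS padding and freshly generated 2048-bit or larger keys.

```python
import hashlib
from dataclasses import dataclass

# Constructed demo primes (the Mersenne primes 2^127-1 and 2^521-1). Being public
# constants they give no secrecy; they are used only so the modulus is wider than
# a 256-bit digest and the textbook scheme works without padding.
P_DEMO = 2**127 - 1
Q_DEMO = 2**521 - 1


@dataclass(frozen=True)
class PublicKey:
    n: int  # modulus, shared with everyone
    e: int  # public exponent


@dataclass(frozen=True)
class PrivateKey:
    n: int  # same modulus
    d: int  # private exponent, known only to the signer


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes (the 'two large prime numbers')."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse: e*d = 1 (mod phi); needs Python 3.8+
    return PublicKey(n, e), PrivateKey(n, d)


def _message_digest(message: bytes, n: int) -> int:
    """Hash the message; the signature is computed over the hash, not the text."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    if h >= n:
        raise ValueError("modulus too small for an unpadded 256-bit digest")
    return h


def sign(message: bytes, priv: PrivateKey) -> int:
    # Only the holder of d can compute this value, so a valid signature
    # identifies the sender and cannot later be disowned (non-repudiation).
    return pow(_message_digest(message, priv.n), priv.d, priv.n)


def verify(message: bytes, signature: int, pub: PublicKey) -> bool:
    # Anyone with the public key recovers the signed digest and compares it with
    # a fresh hash of the received message: one changed byte fails (integrity).
    if not 0 < signature < pub.n:
        return False
    return pow(signature, pub.e, pub.n) == _message_digest(message, pub.n)


def demo() -> dict:
    """Exercise the three properties the slide lists."""
    pub, priv = generate_keypair(P_DEMO, Q_DEMO)
    # A second, unrelated signer (constructed primes 2^89-1 and 2^607-1).
    _other_pub, other_priv = generate_keypair(2**89 - 1, 2**607 - 1)
    msg = b"Transfer 100 to account 42"  # constructed message
    sig = sign(msg, priv)
    return {
        "genuine": verify(msg, sig, pub),                               # True
        "tampered": verify(b"Transfer 900 to account 42", sig, pub),    # False
        "wrong_signer": verify(msg, sign(msg, other_priv), pub),        # False
    }


if __name__ == "__main__":
    print(demo())
```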
  • 93. Hardware Encryption
    - Software encryption can be subject to attacks that exploit its vulnerabilities
    - Cryptography can be embedded in hardware
    - Provides a higher degree of security
    - Can be applied to USB devices and standard hard drives
    - Trusted platform module
    - Hardware security module
  Hardware Encryption (cont’d.)
  USB device encryption
    - Encrypted hardware-based flash drives
    - Will not connect to a computer until the correct password has been provided
    - All data copied to the drive is automatically encrypted
    - Tamper-resistant external cases
    - Administrators can remotely control and track activity on the devices
    - Stolen drives can be remotely disabled
  • 94. Hardware Encryption (cont’d.)
  Trusted Platform Module (TPM)
    - Chip on the computer’s motherboard that provides cryptographic services
    - Includes a true random number generator
    - Entirely done in hardware, so cannot be subject to software attack
    - Prevents the computer from booting if files or data have been altered
    - Prompts for a password if the hard drive is moved to a new computer
  Hardware Encryption (cont’d.)
  Hardware Security Module (HSM)
    - Secure cryptographic processor
    - Includes an onboard key generator and key storage facility
    - Performs accelerated symmetric and asymmetric encryption
    - Can provide services to multiple devices over a LAN
  One more video: https://zybersafe.com/video-hardware-based-encryption/
  • 95. Chapter 7: Administering a Secure Network (Security+ Guide to Network Security Fundamentals, Fourth Edition)
  Common Network Protocols (cont’d.)
  IP
    - Protocol that functions primarily at the Open Systems Interconnection (OSI) Network Layer (Layer 3)
  TCP
    - Transport Layer (Layer 4) protocol
    - Establishes connections and reliable data transport between devices
  TCP/IP uses a four-layer architecture
    - Network Interface, Internet, Transport, Application
  Figure 7-1 OSI model vs. TCP/IP model (© Cengage Learning 2012)
  • 96. Internet Control Message Protocol (ICMP)
  ICMP
    - One of the core protocols of TCP/IP
    - Used by devices to communicate updates or error information to other devices
    - Used to relay query messages
  Attacks that use ICMP
    - Network discovery
    - Smurf DoS attack
    - ICMP redirect attack
    - Ping of death
  Domain Name System (DNS)
  DNS video (video)
    - A TCP/IP protocol that maps IP addresses to their symbolic name
    - DNS can be the focus of attacks
    - DNS poisoning substitutes a fraudulent IP address; can be done in the local host table or an external DNS server
    - Latest edition of DNS software prevents DNS poisoning
    - Zone transfer allows an attacker access to network, hardware, and operating system information
    - Port 53 – DNS server zone transfers
    - Port 67 – Client to server DNS traffic
  • 97. File Transfer Protocols
  FTP vulnerabilities – Ports 20 & 21
    - Does not use encryption
    - Files transferred using FTP are vulnerable to man-in-the-middle attacks
  Secure transmission options over FTP – Port 115
    - Secure sockets layer (FTPS) encrypts commands
    - Secure FTP (SFTP)
  Secure Copy Protocol (SCP) – Port 22
    - Enhanced version of Remote Copy Protocol
    - Encrypts files and commands
    - File transfer cannot be interrupted and resumed
    - Found mainly on Linux and UNIX platforms
  IPv6 (http://test-ipv6.com/)
    - Current version of the IP protocol is version 4 (IPv4)
    - Developed in 1981
    - Number of available IP addresses is limited to 4.3 billion
    - Number of internet-connected devices grew beyond this number in 2011
  • 98. Internet Protocol version 6 (IPv6)
    - Next generation of the IP protocol, developed in 1998
    - Addresses weaknesses of IPv4; mainly, 340 trillion, trillion, trillion addresses
    - Provides enhanced security features: cryptographic protocols; new authentication headers prevent IP packets from being altered
    - Wireless providers use it extensively; Apple Apps required
  Network Administration Principles
    - Administering a secure network can be challenging
  Rule-based management approach
    - Relies on following procedures and rules
    - Rules may be external (applicable laws) or internal
    - Procedural rules dictate technical rules
  Technical rules
    - Device security
    - Network management and port security
    - Example: configuring a firewall to conform to procedural rules
  Device Security (cont’d.)
  • 99. Log analysis
    - Log records events that occur
    - Monitoring logs can be useful in determining how an attack occurred
    - System logs and security application logs
  Network security logs
    - Types of security hardware logs: NIDS, NIPS, DNS, proxy servers, and firewalls
  Firewall Logging Example Service: http://www.dailymotion.com/video/x29nt7i_firelytics-fortigate-firewall-log-analyzer_tech
  Port Security
  Disabling unused ports
    - Turn off ports not required on a network
    - Often overlooked security technique
    - Switch without port security allows attackers to connect to unused ports and attack the network
  • 100. Disabling unused ports (cont’d.)
    - All ports should be secured before the switch is deployed
    - Network administrator should issue the shutdown command to each unused port
  Port Security (cont’d.)
  MAC limiting and filtering
    - Filters and limits the number of media access control (MAC) addresses allowed on a port
    - Port can be set to a limit of 1
    - Specific MAC address can be assigned to a port
    - Enables only a single authorized host to connect
  Port Security (cont’d.)
  IEEE 802.1x
    - Standard that provides the highest degree of port security
    - Implements port-based authentication
    - Blocks all traffic on a port-by-port basis until the client is authenticated
  • 101. Securing Network Applications (cont’d.)
  Virtualized environment security concerns (cont’d.)
    - Security must be in place to accommodate live migration
    - Some hypervisors do not have the necessary security controls to keep out attackers
    - Existing security tools do not always adapt well to multiple virtual machines
    - External physical appliances not designed to protect multiple virtual servers
    - Virtual machines need protection from other virtual machines running on the same computer
  Cloud Computing
    - Pay-per-use computing model
    - Customers pay for only the resources they need
    - May revolutionize computing
    - Unlike hosted services, does not require long-term contracts
  Three service models of cloud computing
    - Cloud software as a service (SaaS)
    - Cloud platform as a service (PaaS)
    - Cloud infrastructure as a service (IaaS)
  • 102. Cloud Computing
    - Broad term for procurement of computing services
    - Addressed by 3 models: Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)
  Software as a Service “SaaS”
    - On-demand software
    - Software, data and hardware are hosted
  Uses (just a few)
    - Office & messaging software, DBMS software, CAD software
    - Development software, virtualization, collaboration
    - Enterprise Resource Planning (ERP), Human Resource Management (HRM)
    - Content Management (CM), Customer Relationship Management (CRM)
    - Electronic Healthcare Record (EHR) systems
  Software as a Service “SaaS” Vendors
    - Oracle, SAP, Microsoft, MEDITECH, Epic, Commvault
    - Gartner Group estimates that SaaS revenue is expected to grow 21 percent in 2017 to reach $58.6 billion
  • 103. SaaS (cont’d.)
    - CRM continues to be the largest market for SaaS
  Infrastructure as a Service “IaaS”
    - Compute resources and storage plus networking are hosted by a provider; it is cloud computing
    - Operating system software and hardware are hosted
  Uses (just a few)
    - Operating systems, storage, backup
  Vendors
    - Amazon, Microsoft, Alibaba
  Platform as a Service “PaaS”
    - A framework that companies and developers can use to quickly and easily build and customize applications
    - Allows developers to focus on the application software without having to manage operating systems, software updates, and other infrastructure matters
  Uses (just a few)
    - Retail, consulting, service industry
  Vendors
    - Amazon, MS Azure, IBM Cloud, Oracle Cloud, Google Cloud, RedHat Cloud
  Cloud Computing (cont’d.)
  • 104. Cloud computing security challenges
    - Cloud provider must guarantee means to approve authorized users and deny imposters
    - Transmissions from the cloud must be protected
    - Customers’ data must be isolated from one another
  MEDITECH Community Connect: Initial Vision
    - Diagram labels: MEDITECH Community Connect; 6x, CS, MG; 1700+ customers; HL7 (Summaries) 27%; Info Hi-way
  Slide 1 notes: Reminder slide for Howard, Helen, Michelle.
  Why: To keep pace with industry and competitor offerings which centralize connectivity for a diverse client base; create savings in terms of reduction of myriad P2P connections; easier to update/maintain.
  Pricing discussions around which cloud technology (PPI, Amazon, Microsoft) – is this MEDITECH as a
  • 105. Platform?
  MEDITECH Community Connect
    - HL7 Data, FHIR Data, Direct Summaries, E-prescribing, Notifications, Public Health, Professional Consulting Services, Business and Clinical Analytics for Community Population Health, Patient Engagement, ACOs
  MEDITECH Community Connect: Scalable Vision
  Slide 2 notes: Vision (affirmed by customers/industry) to entice the customer base to join and actually position our customers to better share with larger HIE consortiums (Commonwell, Healtheway, CDC, SSA, States, International). Tie it all together for future growth. All connections (E-prescribing / HL7 (Data Express) / CCD / ONC Direct / FHIR / Commonwell) and in
  • 106. additional revenue-generating professional services.
  JS: May want to add text stating something to the effect that eventually all MT sites (platform agnostic) would connect to/use the MCC module to manage connections, store data and access analytics (basically state your vision and then have the diagram support that).
  Chapter 8: Wireless Network Security (Security+ Guide to Network Security Fundamentals, Fourth Edition)
  Wireless Network Security
    - Wireless data communications have revolutionized computer networking
    - Wireless data networks are found virtually everywhere
    - Wireless networks have been targets for attackers
    - Early wireless networking standards had vulnerabilities
    - Changes in wireless network security yielded security comparable to wired networks
  • 107. Bluetooth
    - Wireless technology
    - Uses short-range radio frequency transmissions
    - Provides for rapid, ad-hoc device pairings
    - Example: smartphone and Bluetooth headphones, Bose Mini, etc.
    - Personal Area Network (PAN) technology
  Two types of Bluetooth network topologies
    - Piconet
    - Scatternet
  Bluetooth Piconet
    - Established when two Bluetooth devices come within range of each other
    - One device (master) controls all wireless traffic
    - Other device (slave) takes commands
    - Active slaves can send transmissions
    - Parked slaves are connected but not actively participating
  • 108. Scatternet
    - Group of piconets with connections between different piconets
  Bluetooth Attacks
  Bluejacking
    - Attack that sends unsolicited messages to Bluetooth-enabled devices
    - Text messages, images, or sounds
    - Considered more annoying than harmful
    - No data is stolen
    - Popular in Europe: guerrilla marketing
  Wireless Attacks (cont’d.)
  Bluesnarfing
    - Unauthorized access to wireless information through a Bluetooth connection
  • 109. Bluesnarfing (cont’d.)
    - Often between cell phones and laptops
    - Attacker copies e-mails, contacts, or other data by connecting to the Bluetooth device without the owner’s knowledge
    - http://www.youtube.com/watch?v=KfZ7Ek409LM
    - https://www.youtube.com/watch?v=6iIqB-LI1go
    - All patched years ago
    - However…
  Wireless Attacks (cont’d.)
  • 110. Wireless Attacks (cont’d.)
    - Good news is that most phones have patches
    - Next attack surface is Echo and Google Home devices
    - Patches available also
    - Best bet: disengage Bluetooth when in public
  Wireless History
  Institute of Electrical and Electronics Engineers (IEEE)
    - Most influential organization for computer networking and wireless communications
    - Dates back to 1884
    - Began developing network architecture standards in the 1980s
    - 1997: release of IEEE 802.11, the standard for wireless local area networks (WLANs)
    - Higher speeds added in 1999: IEEE 802.11b
  Wireless LAN
  IEEE 802.11a
    - Specifies a maximum rated speed of 54 Mbps using the 5 GHz spectrum
  • 111. IEEE 802.11g
    - Preserves stable and widely accepted features of 802.11b
    - Increases data transfer rates, similar to 802.11a
  IEEE 802.11n
    - Ratified in 2009
    - Speed: up to 300 Mbps in the real world with competing networks
    - Coverage area: double that of a, b, g
  Wireless LAN
  Access point (AP) major parts
    - Base station for the wireless network
    - Antenna and radio transmitter/receiver send and receive wireless signals
    - Bridging software to interface wireless devices to other devices
    - Wired network interface allows it to connect by cable to a standard wired network
  Wireless LAN Attacks
  Wireless broadband routers
    - Single hardware device containing AP, firewall, router, and DHCP server
    - Wireless networks have been vulnerable targets for attackers
  • 112. Wireless LAN Attacks (cont’d.)
    - Not restricted to a cable
  Types of wireless LAN attacks
    - Discovering the network
    - Attacks through the RF spectrum
    - Attacks involving access points
  Wireless LAN Attacks (cont’d.)
  Discovering the network
    - One of the first steps in an attack is to discover the presence of a network
    - Beaconing: AP sends a signal at regular intervals to announce its presence and provide connection information; wireless device scans for beacon frames
    - War driving: process of passive discovery of wireless network locations
  Wireless LAN Attacks (cont’d.)
  War chalking
    - Documenting and then advertising the location of wireless LANs for others to use
    - Previously done by drawing on sidewalks or walls around the network area
    - Today, locations are posted on Web sites
  • 113. Wireless LAN Attacks (cont’d.)
  Evil twin
    - AP set up by an attacker
    - Attempts to mimic an authorized AP
    - Attackers capture transmissions from users to the evil twin AP
    - Some discovery tools available: EvilAP_Defender
    - Always use a VPN, creating an encrypted tunnel between your computer and a third-party server, preventing snoopers from intercepting information en route.
  Combat Attacks - MAC Address Filtering
  Method of controlling WLAN access
    - Limit a device’s access to the AP
  Media Access Control (MAC) address filtering
    - Used by nearly all wireless AP vendors
    - Permits or blocks a device based on its MAC address
  Vulnerabilities of MAC address filtering
    - Addresses exchanged in unencrypted format
  • 114. Vulnerabilities of MAC address filtering (cont’d.)
    - Attacker can see the address of an approved device and substitute it on his own device
    - Managing a large number of addresses is challenging
  Figure 8-7 MAC address filtering (© Cengage Learning 2012): Combat Attacks - MAC Address Filtering
  Wireless Security Types
    - Each device must be authenticated prior to connecting to the WLAN
  Ranking the current Wi-Fi security methods available on any modern (post-2006) router, ordered from best to worst:
    - WPA2 + AES
    - WPA + AES
    - WPA + TKIP/AES (TKIP is there as a fallback method)
    - WPA + TKIP
    - WEP
    - Open Network (no security at all)
  Ideally, you’ll disable Wi-Fi Protected Setup (WPS) and set your router to WPA2 + AES.
  • 115. Source: HowtoGeek.com
  Wi-Fi Protected Access 2 (cont’d.)
  AES encryption and decryption
    - Should be performed in hardware because of its computationally intensive nature
  IEEE 802.1x authentication
    - Originally developed for wired networks
    - Provides a greater degree of security by implementing port security
    - Blocks all traffic on a port-by-port basis until the client is authenticated
  Other Wireless Security Steps
  Antenna placement
    - Locate near the center of the coverage area
    - Place high on a wall to reduce signal obstructions and deter theft
  Power level controls
    - Some APs allow adjustment of the power level at which the LAN transmits
    - Reducing power allows less signal to reach outsiders
  • 116. Other Wireless Security Steps
    - Organizations are becoming increasingly concerned about the existence of rogue APs
  Rogue access point discovery tools
    - Security personnel can manually audit the airwaves using a wireless protocol analyzer
    - Continuously monitoring the RF airspace using a wireless probe
  Types of wireless probes
    - Wireless device probe
    - Desktop probe
  Other Wireless Security Steps
  Types of wireless probes (cont’d.)
    - Access point probe
    - Dedicated probe
  Wireless virtual LANs (VLANs)
    - Organizations may set up two wireless VLANs: one for employee access, one for guest access
    - Configured in one of two ways, depending on which device separates and directs the packets to different networks
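  A small wireless-probe audit of the kind the evil twin and rogue access point slides describe, written as an added example that is not from the course or from any product: it compares captured beacon frames against an administrator's inventory of authorized BSSIDs and flags an evil twin (our SSID advertised by an unknown radio), a known radio advertising off-inventory settings, and inventoried APs that have gone silent. All MAC addresses, SSIDs, channels and signal values are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One beacon frame as a wireless probe would record it."""
    ssid: str
    bssid: str      # radio MAC address carried in the beacon
    channel: int
    rssi: int       # received signal strength at the probe, in dBm


# Authorized access points as inventoried by the administrator (constructed):
# BSSID -> (SSID it should advertise, channel it should use).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpWiFi", 6),
    "00:11:22:33:44:02": ("CorpWiFi", 11),
    "00:11:22:33:44:03": ("CorpGuest", 1),
    "00:11:22:33:44:04": ("CorpWiFi", 1),   # inventoried but not heard this sweep
}

# Beacons captured during one sweep of the RF airspace (constructed).
OBSERVED = [
    Beacon("CorpWiFi",    "00:11:22:33:44:01", 6,  -55),
    Beacon("CorpWiFi",    "00:11:22:33:44:02", 11, -62),
    Beacon("CorpWiFi",    "a6:b7:c8:d9:e0:f1", 6,  -40),  # our SSID, unknown radio
    Beacon("CorpGuest",   "00:11:22:33:44:03", 1,  -70),
    Beacon("Free_Public", "de:ad:be:ef:00:01", 3,  -80),  # a neighbour's network
    Beacon("CorpWiFi",    "00:11:22:33:44:01", 9,  -48),  # known BSSID, wrong channel
]


def classify(beacon: Beacon, authorized: dict, our_ssids: set) -> str:
    """Label one beacon. A known BSSID alone is not proof of legitimacy, since an
    address can be copied, so the advertised SSID and channel are checked too."""
    if beacon.bssid in authorized:
        expected_ssid, expected_channel = authorized[beacon.bssid]
        if beacon.ssid != expected_ssid or beacon.channel != expected_channel:
            return "mismatch"      # misconfiguration, or someone borrowing our BSSID
        return "authorized"
    if beacon.ssid in our_ssids:
        return "evil_twin"         # mimics an authorized AP from an unknown radio
    return "neighbor"              # somebody else's network, not ours to police


def audit(observed: list, authorized: dict) -> dict:
    """Group one sweep's beacons by classification and list silent inventory."""
    our_ssids = {ssid for ssid, _ in authorized.values()}
    report = {"authorized": [], "evil_twin": [], "mismatch": [], "neighbor": []}
    for beacon in observed:
        report[classify(beacon, authorized, our_ssids)].append(beacon)
    # Strongest signal first: an evil twin is usually placed close to its victims.
    report["evil_twin"].sort(key=lambda b: b.rssi, reverse=True)
    heard = {b.bssid for b in observed}
    report["missing"] = sorted(set(authorized) - heard)
    return report


if __name__ == "__main__":
    result = audit(OBSERVED, AUTHORIZED)
    for label in ("evil_twin", "mismatch", "missing"):
        print(label, result[label])
```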
  • 117. Good Read: How to Secure Your Home; Krack here; Review OnGuardOnline.gov
  Chapter 5: Host, Application, and Data Security (Security+ Guide to Network Security Fundamentals, Fourth Edition)
  Securing the Host
  Three important elements to secure
    - Host (network server or client)
    - Applications
    - Data
  Securing the host involves:
    - Protecting the physical device
    - Securing the operating system software
    - Using security-based software applications
    - Monitoring logs
  • 118. Securing Devices
    - Prevent unauthorized users from gaining physical access to equipment
  Aspects of securing devices
    - Physical access security
    - Host hardware security
    - Mobile device security
  Securing Devices
  Cipher lock
    - More sophisticated alternative to a key lock
    - Combination sequence necessary to open the door
    - Can be programmed to allow an individual’s code to give access at only certain days or times
    - Records when the door is opened and by which code
    - Can be vulnerable to shoulder surfing
    - Often used in conjunction with a tailgate sensor
  • 119. Securing Devices (cont’d.)
  Alternative access method: physical token
    - ID badge may contain the bearer’s photo
    - ID badge emits a signal identifying the owner
    - Proximity reader receives the signal
  RFID tags
    - Can be affixed inside an ID badge
    - Read by an RFID proximity reader
  (Picture: LegHorn RFID)
  Securing Devices (cont’d.)
    - Video surveillance: closed-circuit television (CCTV)
    - Fencing
  Securing Devices (cont’d.)
  Hardware security
    - Laptops may be placed in a safe cabinet
  • 120. Securing Devices (cont’d.)
  Mobile device security
    - Many security provisions that apply to laptops apply to mobile devices
    - Mobile devices’ unique security features: remote wipe / sanitation; GPS tracking
  Securing the Operating System Software
  Five-step process for protecting the operating system
    - Develop the security policy
    - Perform host software baselining (the standard configuration for all others in the organization)
    - Configure operating system security and settings
    - Deploy the settings
    - Implement patch management
  • 121. Securing the Operating System Software (cont’d.)
  Develop the security policy
    - Document(s) that clearly define the organization’s defense mechanisms
  Securing the Operating System Software (cont’d.)
  Perform host software baselining
    - Baseline: standard or checklist against which systems can be evaluated
    - Configuration settings that are used for each computer in the organization
  Securing the Operating System Software (cont’d.)
  • 122. Configure operating system security and settings
    - Hundreds of different security settings can be manipulated
    - Typical configuration baseline: changing insecure default settings; eliminating unnecessary software, services, protocols; enabling security features such as a firewall
  Securing the Operating System Software (cont’d.)
  Deploy the settings
    - Security template: collection of security configuration settings
    - Process can be automated
    - Group policy: Windows feature providing centralized computer management; a single configuration may be deployed to many users
  Securing the Operating System Software (cont’d.)
    - Hotfix addresses a specific customer situation
    - Service pack accumulates security updates and additional features
  Implement patch management
    - Modern operating systems can perform automatic updates
    - Patches can sometimes create new problems
  • 123. Implement patch management (cont’d.)
    - Vendor should thoroughly test before deploying
    - Windows SPs typically adopted months or weeks later
  Windows Server 2012 patching
  Figure 5-8 Automated patch update service (© Cengage Learning 2012): Microsoft WSUS
  Securing with Anti-Malware/Spam
    - Software that examines a computer for infections
    - Scans new documents that might contain viruses
  • 124. Securing with Anti-Malware/Spam (cont’d.)
    - Searches for known virus patterns
    - Blocks attachments
  Firewalls
  Firewall
    - May be hardware or software-based
    - Host-based software firewall runs on the local system
    - Microsoft Windows 7 firewall: three designations for networks: public, home, or work
  (Presentsoftware blogspot)
  Monitoring System Logs
    - Log: record of events that occur
  Log entries
    - Contain information related to a specific event
    - Audit log can track user authentication attempts
    - Access log can provide details about requests for specific files
  Monitoring system logs
    - Useful in determining how an attack occurred and whether it was successfully resisted
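  To show what the log-analysis slides (network security logs in Chapter 7 and Monitoring System Logs here) mean by reconstructing how an attack occurred and whether it was resisted, here is an added example that is not part of the course slides: it parses constructed syslog-style firewall records, groups them by source address, and flags any source that was denied on many different ports, reporting which ports were denied and which connections got through. The record format, host name and addresses are constructed, not taken from any real firewall product.

```python
import re
from collections import defaultdict

# Constructed firewall records in a key=value syslog style (not a real device format).
SAMPLE_LOG = """\
2012-03-01T10:00:01 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=22
2012-03-01T10:00:02 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=23
2012-03-01T10:00:02 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=25
2012-03-01T10:00:03 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=80
2012-03-01T10:00:03 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=135
2012-03-01T10:00:04 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=139
2012-03-01T10:00:04 fw1 action=allow src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=443
2012-03-01T10:00:05 fw1 action=deny src=203.0.113.7 dst=192.168.1.20 proto=tcp dport=445
2012-03-01T10:00:09 fw1 action=allow src=198.51.100.4 dst=192.168.1.20 proto=tcp dport=443
2012-03-01T10:00:10 fw1 action=deny src=198.51.100.4 dst=192.168.1.20 proto=tcp dport=445
2012-03-01T10:00:11 fw1 action=deny src=198.51.100.4 dst=192.168.1.20 proto=tcp dport=445
this line is not a firewall record and must be skipped
2012-03-01T10:00:12 fw1 action=allow src=192.0.2.9 dst=192.168.1.20 proto=tcp dport=80
"""

RECORD = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_line(line: str):
    """Turn one record into a dict, or None if the line is not a firewall record."""
    m = RECORD.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def parse_log(text: str) -> list:
    """Parse every line, silently skipping lines that are not records."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


def summarize_sources(entries: list) -> dict:
    """Per source address: first/last time seen, denied ports and allowed ports."""
    summary = defaultdict(lambda: {"first": None, "last": None,
                                   "denied": set(), "allowed": set()})
    for e in entries:                      # entries are already in time order
        s = summary[e["src"]]
        s["first"] = s["first"] or e["ts"]
        s["last"] = e["ts"]
        bucket = "denied" if e["action"] == "deny" else "allowed"
        s[bucket].add(e["dport"])
    return summary


def flag_scans(summary: dict, min_distinct_denied: int = 5) -> dict:
    """A source denied on many *different* ports looks like a port scan; for each
    flagged source, also report which ports it did reach, so the analyst can see
    whether the probe that followed the scan was resisted."""
    flagged = {}
    for src, s in summary.items():
        if len(s["denied"]) >= min_distinct_denied:
            flagged[src] = {"first": s["first"], "last": s["last"],
                            "denied": sorted(s["denied"]),
                            "allowed": sorted(s["allowed"])}
    return flagged


if __name__ == "__main__":
    for src, info in flag_scans(summarize_sources(parse_log(SAMPLE_LOG))).items():
        print(src, info)
```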
  • 125. (Microsoft free press image 10-23)
  Administering Windows Server 2012 R2: Monitoring and Auditing
  Application Security
  Aspects of securing applications
    - Application development security
    - Application hardening
    - Patch management
  Application Development Security
  Verify user responses to the application
    - Could cause the program to abort
    - Necessary to check for XSS, SQL, or XML injection attacks
  Input validation
    - Performed after data is entered but before the destination is known
    - Not possible to know which characters are potentially harmful
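  As an added example (not from the course slides) of the input-validation point above, the same user lookup is written three ways with Python's standard sqlite3 module: by string concatenation, which lets a crafted username change the query; as a parameterized query, where the driver keeps data and SQL separate; and as the parameterized query behind an allowlist check, which accepts only the shape a username may take instead of trying to list harmful characters. The table, rows and usernames are constructed.

```python
import re
import sqlite3

# Allowlist: a username is a lowercase letter followed by up to 31 letters, digits
# or underscores. Anything else is rejected without deciding whether it is "harmful".
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def is_valid_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")])
    return conn


def lookup_user_vulnerable(conn, username: str) -> list:
    # The user-supplied text is pasted into the SQL, so a quote character in it
    # ends the literal and the rest is interpreted as SQL syntax.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_parameterized(conn, username: str) -> list:
    # The driver sends the value separately from the statement text; no character
    # in `username` can change the structure of the query.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_user_hardened(conn, username: str) -> list:
    # Validation at the point of entry plus a parameterized query at the database:
    # two independent layers, so a gap in one does not expose the other.
    if not is_valid_username(username):
        raise ValueError("username rejected by input validation")
    return lookup_user_parameterized(conn, username)


def demo() -> dict:
    """Compare the three variants on a normal name and on a classic injection string."""
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input that turns the WHERE clause into a tautology
    try:
        hardened = lookup_user_hardened(conn, crafted)
    except ValueError as exc:
        hardened = str(exc)
    return {
        "normal": lookup_user_vulnerable(conn, "alice"),
        "vulnerable_rows": len(lookup_user_vulnerable(conn, crafted)),   # every row leaks
        "parameterized_rows": len(lookup_user_parameterized(conn, crafted)),  # 0
        "hardened": hardened,
    }


if __name__ == "__main__":
    print(demo())
```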
  • 126. Application Development Security (cont’d.)
  Patch management
    - Users unaware of the existence of patches or where to acquire them
    - Vendor notification
    - More application patch management systems are being developed today
  Application Security
  Securing Data
    - Work today involves electronic collaboration
    - Data must flow freely
  • 127. Securing Data (cont’d.)
    - Data security is important
  Data loss prevention
    - System of security tools used to recognize and identify critical data and ensure it is protected
    - Review the “Rights Management Services (RMS)” Azure video
    - Goal: protect data from unauthorized users
  Rights Management Services
  Increased need due to:
    - Increased regulation
    - Consumerization of IT (CoIT), “Bring Your Own Device” (BYOD)
    - Explosion of information with dispersed enterprise data
    - Social enterprise and media and their applications enabling new collaboration, analytics scenarios, etc.
    - Growing need to protect sensitive information. At the same time, enterprises need to securely share that same information amongst appropriate employees and other individuals within and outside the corporate network.
  Capabilities
    - Create and consume protected content such as e-mail and documents of any type
  • 128. Securing Data (cont’d.)
  Data loss prevention typically examines:
    - Data in use (example: being printed)
    - Data in motion (being transmitted) – “IPSec”, “BlockChain”
    - Data at rest (stored) – review “BitLocker” & “EFS”
  Content inspection
    - Security analysis of the transaction
    - Takes context into account
  Figure 5-11 DLP architecture (© Cengage Learning 2012)
  Roll Symantec DLP video: https://www.youtube.com/watch?v=1EURubSiiHw
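  An added example (not from the course slides or from any DLP product) of the content inspection step above: it scans text for payment-card numbers, uses the Luhn check and nearby keywords as context so that a look-alike order reference is not flagged, and chooses block, alert or allow depending on whether the data is in motion, at rest or in use. The sample texts, keyword list and policy are constructed assumptions.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Words near a number that make it far more likely to be a payment card (constructed list).
CONTEXT_KEYWORDS = ("card", "visa", "mastercard", "amex", "cvv", "expir", "exp ", "account")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits in the report, so the finding itself is not a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect(text: str, channel: str) -> dict:
    """channel is one of 'in_motion', 'at_rest', 'in_use' (the three DLP states)."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue  # structurally a long number but not a card, e.g. an order reference
        window = text[max(0, m.start() - 40): m.end() + 40].lower()
        in_context = any(k in window for k in CONTEXT_KEYWORDS)
        findings.append({"masked": mask(digits),
                         "severity": "high" if in_context else "medium"})
    # Constructed policy: stop confirmed card data leaving the network; elsewhere alert.
    if not findings:
        action = "allow"
    elif channel == "in_motion" and any(f["severity"] == "high" for f in findings):
        action = "block"
    else:
        action = "alert"
    return {"channel": channel, "action": action, "findings": findings}


# Constructed sample texts (the card numbers are well-known public test numbers).
EMAIL_OUT = "Hi, the customer's card number is 4111 1111 1111 1111, exp 12/14."
ORDER_NOTE = "Order ref 1234567890123456 shipped on 2012-03-01."
TXN_ID = "Transaction id 4111111111111112 posted."
STORED_FILE = "ref 4012888888881881 attached"

if __name__ == "__main__":
    for text, channel in ((EMAIL_OUT, "in_motion"), (ORDER_NOTE, "in_motion"),
                          (TXN_ID, "in_motion"), (STORED_FILE, "at_rest")):
        print(inspect(text, channel))
```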
  • 129. Chapter 3: Application and Network Attacks (Security+ Guide to Network Security Fundamentals, Fourth Edition)
  Application Attacks
    - Attacks that target applications
    - Category continues to grow
    - Web application attacks
    - Client-side attacks
    - Buffer overflow attacks
  Zero day attacks
    - Exploit previously unknown vulnerabilities
    - Victims have no time to prepare or defend
  Web Application Attacks
    - Web applications are an essential element of organizations today
  • 130. Approach to securing Web applications
    - Hardening the Web server: enhance security of the OS/system services
    - Protecting the network: DMZ and proxy servers, externally facing
  How it is supposed to work
    - The user’s web browser requests access to a page via the web server, which then hits an application server. This then sends traffic to a web application, which in turn steers to internal databases.
    - Because the content of HTTP transmissions is not examined, attackers use this protocol to target flaws in Web application software