Computer Security
Computer security is a field of computer science concerned with the control of risks related to computer use.
Network vs. Host Security
Authentication factors:
Type I (something you know) – password
Type II (something you have) – keys, token
Type III (something you are) – biometrics
1. Identify
2. Authenticate
3. Authorize
Threats
Internal vs. External Threats
Hackers vs. Crackers
Pen Testing – Penetration Testing
White Hat – Legalized (authorized) Hacking
Black Hat – Illegal Hacking
Gray Hat – in the middle between White Hat and Black Hat
Physical Security – Physical protection of your networks
Access Badge
ACL (Access Control List); access control models: MAC (Mandatory Access Control), DAC (Discretionary Access Control), RBAC (Role- or Rule-Based Access Control)
Alarms
Biometrics (Fingerprints, Retina, Palm, Voice, Body)
Bright Lights
Cameras (Web, CCTV, Security, IP Based, Hidden)
CCTV (Closed Circuit Television)
Codes
Dogs
Doors
Electronic Locks
Fence
Gates
Guards
Keys
Locks
Logical Security
Magnetic Stripe Card
Mantrap
Motion Sensors
Smart cards
Surveillance
Turnstiles
Walls
Technical Security
OS Hardening and Application Hardening
Service Packs, Hotfixes and Updates
Firewall
Proxy Server
IDS/IPS
Anti-virus
Anti-spyware
Encryption
Monitoring Software
Audit Software
Logs (Application, System, Security, Firewall, History)
Vulnerability Software
Procedural
Security Policies
Security Templates
Disaster Recovery (Hot, Warm and Cold Sites; BCM – Business Continuity Management; BIA – Business Impact Analysis)
Availability (UPS, RAID, Generator)
SLA and Contracts
Sign in and Sign Out
Foreign Objects
Monitoring
Authentication
Verification
Change
Incident
Problem
Security
Risks
Counter Measures
Social Engineering
Information Gathering
Dumpster Diving
Manipulation (pretty girls, games)
Deception
Trust Games
Chaos Theory
Lost Souls
Piggybacking
Phishing
Vishing
Profiling
Shoulder Surfing
Act like you belong
Vendor Tricks
Sad Story
Maintenance
Gifts
Trickery (Tech Support for PC and ATM machines)
Uniforms
Authority Figure
Everyone has a price
Security Policies: Sign-in and Sign-out Policies and Multi-factor Security
Passwords (attacked by Dictionary, Brute Force or Hybrid Attacks); Kerberos
Password policy: Length, Expiration, History, Complexity and Strength
CIA – Confidentiality, Integrity and Availability (Security Cornerstone and Foundation)
AAA - Authentication, Authorization and Accounting
Biometrics (Fingerprints, Retina, Iris, Facial, Palm Scans, Voice, Body) – the only drawback is dealing with false positives
Smartcards / Tokens
RSA Smart Card
Virus – malicious software written to destroy data or replicate itself
Trojans – Disguise malicious code within apparently useful applications
Logic Bombs – Trigger on a particular condition
Worms – Self-replicating malicious code that spreads on its own
Bots – Compromised systems that can be controlled by outside sources
Rootkits – Pieces of software that can be installed and hidden on a PC, mainly for the purpose of keeping a system compromised
Boot Sector – Virus that attacks the MBR
Executable – Virus that infects and runs from executable files
Macro – Virus written as an automated document macro
Anti-Virus Software (Norton, McAfee, AVG, Bitdefender and Kaspersky)
Pop-ups
Browser Redirection
Security Alerts
Slow Performance
Spam
Internet connectivity issues
Lock-ups
Renamed system files
Files disappearing
File permission changes
Hijacked
Access Denied
Rogue Devices
Adware, Pop-ups, Malware, Grayware – use Anti-Spyware (Malwarebytes, Ad-Aware, Windows Defender and SpyBot)
Web Vulnerabilities (Java, JavaScript, ActiveX, Cookies, CGI, SMTP Relay)
SSL/TLS – Secure Sockets Layer and Transport Layer Security
Encryption and Hashing (EFS, BitLocker encryption); Clear Text vs. Cipher Text; Digital Signatures
Dumpster Diving – Shred information
Firewall
A firewall is an information technology (IT) security device configured to permit, deny or proxy data connections according to rules set by the organization's security policy. Firewalls can be hardware based, software based, or both.
Firewall Types
Network Based Firewall Examples:
SonicWall
Cisco
Juniper
Fortinet
Host Based Firewall Examples:
Windows Firewall
BlackICE Defender
ZoneAlarm
Packet Filter or Stateless Firewall – inspects each packet on its own and restricts or allows access to the network based on certain criteria
(IP Address, Port Number, Protocol ID and MAC Address)
Stateful Firewall – monitors data traffic streams from one end to the other, tracking the state of each connection.
Circuit Level Firewalls operate at the transport and session layers
Application Layer Firewalls operate at the application layer
Demilitarized Zones (DMZ) provide perimeter network protection
Proxy Servers
Other Roles for a Firewall: Content Filtering, Signature Identification, Virus Scanning, NAT, Filtering and Bandwidth Management
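The following Python is an added illustration, not part of the original notes, of the difference between the stateless packet filter and the stateful firewall described above: both are run against the same constructed packets, and only the stateful one rejects an unsolicited inbound packet aimed at an ephemeral port. The LAN prefix, the allow rule and the addresses are assumptions.

```python
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."         # assumption: prefix of the protected LAN
ALLOW_INBOUND = {("TCP", 443)}  # assumption: policy only admits HTTPS inbound

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

def is_inbound(pkt):
    return pkt.dst_ip.startswith(INTERNAL_NET) and not pkt.src_ip.startswith(INTERNAL_NET)

def stateless_allow(pkt):
    """Packet filter: each packet is judged alone on IP, port and protocol."""
    if not is_inbound(pkt):
        return True               # outbound traffic is permitted
    if (pkt.proto, pkt.dst_port) in ALLOW_INBOUND:
        return True
    # With no memory of connections, the only way to let replies reach
    # internal clients is a blanket rule admitting high (ephemeral) ports.
    return pkt.dst_port >= 1024

class StatefulFirewall:
    """Tracks flows end to end; inbound traffic must match an outbound flow."""
    def __init__(self):
        self.flows = set()        # (src_ip, src_port, dst_ip, dst_port, proto)

    def allow(self, pkt):
        if not is_inbound(pkt):
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return True
        if (pkt.proto, pkt.dst_port) in ALLOW_INBOUND:
            return True
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return reverse in self.flows  # reply to a connection the LAN started

def compare():
    """Run three constructed packets through both filters: (stateless, stateful)."""
    fw = StatefulFirewall()
    request = Packet("10.0.0.5", "203.0.113.9", "TCP", 50000, 80)      # LAN client -> web
    reply = Packet("203.0.113.9", "10.0.0.5", "TCP", 80, 50000)        # legitimate reply
    unsolicited = Packet("198.51.100.7", "10.0.0.5", "TCP", 6666, 50000)  # no matching flow
    results = {}
    for name, pkt in [("request", request), ("reply", reply), ("unsolicited", unsolicited)]:
        results[name] = (stateless_allow(pkt), fw.allow(pkt))
    return results
```

The stateless filter must admit the unsolicited packet because it cannot tell a reply from a new inbound connection; the stateful firewall drops it because no internal host opened that flow.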
Auditing and Event Logging
(Security Logs, Application Logs, History Logs and Syslogs)
Honeypots and Honeynets
A system used as a decoy to attract and deflect attacks from hackers
An Intrusion Detection System (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the Internet.
An Intrusion Prevention System (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities.
Detection methods: Behavior Based, Signature Based and Anomaly Based
Tunneling and Encryption
ISAKMP – Internet Security Association and Key Management Protocol is a procedure used for authentication, the creation and management of security associations, key generation techniques and threat mitigation.
PPTP – Point-to-Point Tunneling Protocol creates a secure tunnel between two points on a network, over which other connectivity protocols, such as PPP, can be used.
L2TP – Layer 2 Tunneling Protocol combines PPTP and Cisco L2F technology.
IPSec – IP Security protocol is designed to provide secure communications between systems.
Site to Site and Client-to-Site
In a Site-to-Site implementation, as the name implies, whole networks are connected together.
In a Client-to-Site scenario, individual clients connect to the network remotely.
TCP/IP and MAC Filtering – Accepts or rejects incoming connections based on IP and MAC addresses.
Authentication Security Protocols – PAP, SPAP, CHAP, MS-CHAP and EAP
Remote Access Security
RAS – Remote Access Service
RDP – Remote Desktop Protocol
PPPoE – Point to Point Protocol over Ethernet
PPP – Point to Point Protocol
VNC – Virtual Network Computing
ICA – Independent Computing Architecture (Citrix)
SSH – Secure Shell
Cryptography – the practice and study of hiding information
PKI – Public Key Infrastructure (Asymmetric vs. Symmetric; Private vs. Public Key) is used for web security, confidentiality, digital signatures and secure email.
Components: Certificates, CA (Certificate Authority), Templates, CRL (Certificate Revocation List) and RA (Registration Authority)
Public Key – The non-secret half of the cryptographic key pair used with a public key algorithm.
Private Key – The secret half of the cryptographic key pair used with a public key algorithm.
Asymmetric (RSA, ElGamal, Diffie-Hellman and Elliptic Curve)
Symmetric (MD, Blowfish, RC, DES, 3DES, AES)
TPM – Trusted Platform Module
Types of DoS (Denial of Service) Attacks
Fraggle – A type of attack that spoofs UDP packets
Smurf – Similar to Fraggle; causes a BSOD
Ping of Death – Sends an oversized ICMP datagram that is used to crash a system
SYN Flood – Overwhelms the victim with a flood of SYN packets
Buffer Overflow – Causes a system to crash by overflowing a buffer
ICMP Flood – Also known as a Ping Flood
Other Attacks: Eavesdropping, Back Door, Man-in-the-Middle, Spoofing, Rogue Access Point, Phishing