Computer Security

Computer security is a field of computer science concerned with the control of risks related to computer use.
Network vs. Host Security

Type I (something you know) password, Type II (something you have) keys, token, Type III (something you are) biometrics

1. Identify
2. Authenticate
3. Authorize

Threats
Internal vs. External Threats
Hackers vs. Cracker

Pen Testing – Penetration Testing
White Hat - Legalized Hacking
Black Hat – Illegal Hacking
Gray Hat – in the middle of White and Black Hat Testing

Physical Security – Physical protection of your networks

Access Badge
ACL (Access Control List) MAC Mandatory Access Control, DAC Discretionary Access Control, RBAC Role/Rule Based Access
Alarms
Biometrics (Fingerprints, Retina, Palm, Voice, Body)
Bright Lights
Cameras (Web, CCTV, Security, IP Based, Hidden)
CCTV (Close Circuit Television)
Codes
Dogs
Doors
Electronic Locks
Fence
Gates
Guards
Keys
Locks
Logical Security
Magnetic Stripe Card
Man Trap
Motion Sensors
Smart cards
Surveillance
Turnstiles
Walls

Technical Security

OS Hardening and Application Hardening
Service Packs, Hot fixes and Updates
Firewall
Proxy Server
IDS/IPS
Anti-virus
Anti-spyware
Encryption
Monitoring Software
Audit Software
Logs (Application, System, Security, Firewall, History)
Vulnerability Software

Procedural

Security Policies
Security Templates
Disaster Recovery (Hot, Warm and Cold Site, BCM and BIA)
Availability (UPS, RAID, Generator)
SLA and Contracts
Sign in and Sign Out
Foreign Objects
Monitoring
Authentication
Verification
Change
Incident
Problem
Security
Risks
Counter Measures

Social Engineering
Information Gathering
Dumpster Diving
Manipulation (pretty girls, games)
Deception
Trust Games
Chaos Theory
Lost Souls
Piggy Backing
Phishing
Vishing
Profiling
Shoulder Surfing
Act like you belong
Vendor Tricks
Sad Story
Maintenance
Gifts
Trickery (Tech Support for PC and ATM machines)
Uniforms
Authority Figure
Everyone has a price

Security Policies Sign in and Sign out Policies and Multi-factor Security

Password (Dictionary, Brute Force or Hybrid Attacks) Kerberos
Length, Expiration, History, Complexity and Strength

CIA – Confidentiality, Integrity and Availability (Security Cornerstone and Foundation)

AAA - Authentication, Authorization and Accounting

Biometrics (Fingerprints, Retina, Isis, Facial, Palm Scans, Voice, Body) Only negative dealing with false positives

Smartcards / Tokens
RSA Smart Card

Virus – software written by someone to destroy or replicate
Trojans – Disguise malicious code within apparently useful applications
Logic Bombs – Trigger on a particular condition
Worms – Self replicating forms of other types of malicious code
Bots – Systems that can be controlled by outside sources
Rootkits – Pieces of software that can be installed and hidden on a PC mainly for the purpose of compromising a system
Boot Sector – Virus that attacks the MBR
Executable – Virus that will execute
Macro – Automated Virus

Anti-Virus Software (Norton, McAfee, AVG, Bit Defender and Kaspersky)

Pop Ups
Browser Redirection
Security Alerts
Slow Performance
Spam
Internet connectivity issues
Lock ups
Renamed system files
Files disappearing
File permission changes
Hijacked
Access Denied
Rogue Devices

Adware, Popups, Malware, Grayware Use Anti-Spyware (Malwarebytes, AdAware, Windows Defender and SpyBot)


Web Vulnerabilities (Java, Java Script, Active X, Cookies, CGI, SMTP Relay)

SSL or TLS Secure Socket Layer and Transport Layer Security

Encryption (Hash) EFS, Bit Locker Encryption) Clear Text vs. Cipher and Digital Signatures

Dumpster Diving – Shred information

Firewall

A firewall is an information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based.

Firewall Types

Network Based Firewall Example:

Sonic Wall
Cisco
Juniper
Fortinet

Host Based Windows Firewall:

WIndows FIrewall
Black Ice Defender
Zone Alarm

Packet Filter or Stateless Firewall checks for specific data packets restricts or allows access to network based on certain criteria
(IP Address, Port Number, Protocol ID and MAC Address)

Stateful Firewall monitors data traffic streams from one end to the other.
Circuit Level Firewall operate at the transport and session layers
Application Layer Firewalls operate at the application layer
Demilitarized Zones are perimeter network protection
Proxy Servers
Other Roles for a Firewall: Content Filtering, Signature Identification, Virus Scanning, NAT, Filtering and Bandwidth Management

Auditing and Event Logging
(Security Logs, Application Logs, History Logs and Syslogs)

Honeypots and Honeynets
A system use as a decoy to attract and deflect attacks from hackers

An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet.

An Intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.

Behavior Based, Signature Based and Anomaly Based

Tunneling and Encryption

ISAKMP – Internet Security Association and Key Management Protocol is a procedure use for authentication, creation and management of security associations key generation techniques and threat mitigation.
PPTP – Point to Point Tunneling Protocol creates a secure tunnel between two points on a network, over which other connectivity protocols, such as PPP, can be used.
L2TP – Layer 2 Tunneling Protocol is a combination PPTP and Cisco L2F technology.
IPSec – IP Security protocol is designed to provide secure communications between systems.

Site to Site and Client-to-Site

In Site to Site implementation, as the name implies, whole networks are connected together
In a Client-to-Site scenario, individual clients connect to the network remotely.

TCP/IP and MAC Filtering – Accepts or Rejects incoming connection based on IP and MAC addresses.

Authentication Security Protocols – PAP, SPAP, CHAP, MS CHAP and EAP

Remote Access Security
RAS –Remote Access Service
RDP – Remote Desktop Protocol
PPPoE – Point to Point Protocol over Ethernet
PPP – Point to Point Protocol
VNC – Virtual Network Computing
ICA – Independent Computer Architecture (Citrix)
SSH – Secure Shell

Cryptography- is the practice and study of hiding information

PKI – Public Key Infrastructure (Asymmetric vs. Symmetric) Private vs. Public Key it is used for web security, confidentiality, digital signatures and secures email.

Certificates, CA Certificate Authority, Templates, CRL Certificate Revocation List and RA Registration Authority

Public Key – A non secret that forms half of the cryptographic key pair used with a public key algorithm.
Private Key – The secret half of cryptographic key pair used with a public key algorithm.

Asymmetric (RSA, El Gamal, Diffie Hellman and Elliptic Curve)
Symmetric (MD, Blowfish, RC, DES, 3DES, AES)

TPM – Trusted Platform Module

Types of DOS Denial of Service Attacks
Fraggle – Is type of attack that spoofs UDP packets
Smurf – Similar to Fraggle causes a BSOD
Ping of Death – Sends an oversize ICMP datagram that is use to crash a system
SYN Flood – overwhelms victim with a flood of SYN packets
Buffer Overflow – Causes system to crash by overflowing the buffer
ICMP Flood – Also known as a Ping Flood