Computer security is a field of computer science concerned with the control of risks related to computer use.
Network vs. Host Security
Type I (something you know) password, pin, codes, secret word
Type II (something you have) keys, tokens, smart cards
Type III (something you are) biometrics
Type IV (something you do) gait, handwriting
Goals of Security
Internal vs. External Threats
Hackers vs. Crackers
Pen Testing – Penetration Testing
White Hat – Legalized Hacking
Black Hat – Illegal Hacking
Gray Hat – in the middle of White and Black Hat Testing
Physical Security – Physical protection of your networks
Access Control – ACL (Access Control List), MAC (Mandatory Access Control), DAC (Discretionary Access Control), RBAC (Role/Rule Based Access Control)
Biometrics (Fingerprints, Retina, Palm, Voice, Body)
Cameras (Web, CCTV, Security, IP Based, Hidden)
CCTV (Closed Circuit Television)
Magnetic Stripe Card
OS Hardening and Application Hardening
Service Packs, Hot fixes and Updates
Logs (Application, System, Security, Firewall, History)
Disaster Recovery (Hot, Warm and Cold Site, BCM and BIA)
Availability (UPS, RAID, Generator)
SLA and Contracts
Sign in and Sign Out
Manipulation (pretty girls, games)
Act like you belong
Trickery (Tech Support for PC and ATM machines)
Everyone has a price
Security Policies – Sign in and Sign out policies and Multi-factor Security
Password Attacks (Dictionary, Brute Force or Hybrid); Kerberos
Length, Expiration, History, Complexity and Strength
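The password policy items above (length, expiration, history, complexity) and the dictionary / hybrid attacks they defend against, put into working checks. This is an added example, not code from the original page; the policy values, the word list and the sample passwords are constructed assumptions, and history is kept as salted PBKDF2 digests so no clear-text password is ever stored.

```python
"""Password policy checks: length, complexity, history, expiration and a
dictionary check. Added example; policy values and word list are constructed."""
import hashlib
import hmac
import os
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Constructed stand-in for the word list a dictionary attack would use.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "admin"}

# Assumed policy values; a real policy sets these per organisation.
POLICY = {
    "min_length": 12,
    "min_classes": 3,     # out of: lower, upper, digit, symbol
    "history_depth": 5,   # previous passwords that may not be reused
    "max_age_days": 90,   # expiration
}

PBKDF2_ROUNDS = 100_000


def char_classes(pw: str) -> int:
    """Count how many character classes the password draws on (complexity)."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 so the stored history never holds clear-text passwords."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)


def same_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison against one stored history entry."""
    return hmac.compare_digest(hash_password(pw, salt)[1], digest)


def check_password(pw: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return the policy violations for a candidate password (empty list = OK)."""
    problems = []
    if len(pw) < POLICY["min_length"]:
        problems.append("too short")
    if char_classes(pw) < POLICY["min_classes"]:
        problems.append("not complex enough")
    # Dictionary and hybrid attacks try words as-is and with trailing digits
    # or symbols, so strip such a suffix before looking the word up.
    base = pw.lower().rstrip("0123456789!@#$%^&*")
    if pw.lower() in COMMON_WORDS or base in COMMON_WORDS:
        problems.append("dictionary word")
    for salt, digest in history[-POLICY["history_depth"]:]:
        if same_password(pw, salt, digest):
            problems.append("reused from history")
            break
    return problems


def password_expired(last_changed: str, today: str) -> bool:
    """Expiration check on ISO dates, e.g. password_expired("2024-01-01", "2024-04-01")."""
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return age > timedelta(days=POLICY["max_age_days"])


if __name__ == "__main__":
    old = [hash_password("Correct-Horse-Battery-9")]
    print(check_password("Password1!", []))                # too short, dictionary word
    print(check_password("Correct-Horse-Battery-9", old))  # reused from history
    print(check_password("xK9#vQ2$mL7@pR4!", []))          # []
    print(password_expired("2024-01-01", "2024-04-01"))    # True
```

The history check hashes the candidate with each stored salt rather than comparing strings, which is why the policy can enforce "no reuse" without the stored list itself becoming a dictionary for an attacker who obtains it.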
CIA – Confidentiality, Integrity and Availability (Security Cornerstone and Foundation)
AAA - Authentication, Authorization and Accounting
Biometrics (Fingerprints, Retina, Iris, Facial, Palm Scans, Voice, Body) – the only negative is dealing with false positives
Smartcards / Tokens
RSA Smart Card
Virus – software written by someone to destroy or replicate
Trojans – Disguise malicious code within apparently useful applications
Logic Bombs – Trigger on a particular condition
Worms – Self-replicating forms of other types of malicious code
Bots – Systems that can be controlled by outside sources
Rootkits – Pieces of software that can be installed and hidden on a PC mainly for the purpose of compromising a system
Boot Sector – Virus that attacks the MBR
Executable – Virus that will execute
Macro – Automated Virus
Anti-Virus Software (Norton, McAfee, AVG, Bit Defender and Kaspersky)
Internet connectivity issues
Renamed system files
File permission changes
Adware, Popups, Malware, Grayware – Use Anti-Spyware (Malwarebytes, AdAware, Windows Defender and SpyBot)
(Java, JavaScript, ActiveX, Cookies, CGI, SMTP Relay)
SSL / TLS – Secure Sockets Layer and Transport Layer Security
Hashing, EFS and BitLocker encryption, Clear Text vs. Cipher Text, and Digital Signatures
Dumpster Diving – Shred information
A firewall is an information technology (IT) security device which is configured to permit, deny or proxy data connections as set and configured by the organization's security policy. Firewalls can be hardware and/or software based.
Network Based Firewall Example:
Host Based Windows Firewall:
Black Ice Defender
Packet Filter or Stateless Firewall – inspects individual data packets and restricts or allows access to the network based on certain criteria
(IP Address, Port Number, Protocol ID and MAC Address)
Stateful Firewall monitors data traffic streams from one end to the other.
Circuit Level Firewalls operate at the transport and session layers
Application Layer Firewalls operate at the application layer
Demilitarized Zones are perimeter network protection
Other Roles for a Firewall: Content Filtering, Signature Identification, Virus Scanning, NAT, Filtering and Bandwidth Management
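The stateless and stateful firewall types above, side by side, as an added example (not code from the original page). The rule set, addresses, MAC address and packets are constructed; the stateless filter decides on each packet alone using exactly the criteria listed (IP address, port, protocol, MAC), while the stateful one keeps a connection table so that replies to outbound traffic get through without an open inbound rule.

```python
"""Stateless packet filter next to a minimal stateful one. Added example;
rules, addresses and packets are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    src_mac: str = ""


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule: every field given must match (None = any)."""
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # source network (CIDR)
    dst: str = "0.0.0.0/0"         # destination network (CIDR)
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    src_mac: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.src_mac is None or self.src_mac.lower() == p.src_mac.lower()))


def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Remembers connections that inside hosts opened, so their replies are
    allowed without the blanket inbound rule a stateless filter would need."""

    def __init__(self, rules: List[Rule], inside: str):
        self.rules = rules
        self.inside = ipaddress.ip_network(inside)
        # (inside ip, inside port, outside ip, outside port, protocol)
        self.table: Set[Tuple[str, int, str, int, str]] = set()

    def decide(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src_ip) in self.inside:
            verdict = stateless_filter(self.rules, p)
            if verdict == "allow":
                self.table.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
            return verdict
        # Inbound packet: allowed if it answers a tracked outbound connection...
        if (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto) in self.table:
            return "allow"
        # ...otherwise it must pass the explicit rule set like any other packet.
        return stateless_filter(self.rules, p)


# Constructed rule set: inside hosts may browse HTTPS; one admin MAC may SSH in.
SAMPLE_RULES = [
    Rule("allow", src="10.0.0.0/24", proto="tcp", dst_port=443),
    Rule("allow", dst="10.0.0.0/24", proto="tcp", dst_port=22, src_mac="aa:bb:cc:dd:ee:ff"),
    Rule("deny"),
]
OUTBOUND = Packet("10.0.0.5", "203.0.113.9", "tcp", 51000, 443)
REPLY = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 51000)
UNSOLICITED = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 9999)

if __name__ == "__main__":
    print(stateless_filter(SAMPLE_RULES, OUTBOUND), stateless_filter(SAMPLE_RULES, REPLY))
    fw = StatefulFilter(SAMPLE_RULES, "10.0.0.0/24")
    print(fw.decide(OUTBOUND), fw.decide(REPLY), fw.decide(UNSOLICITED))
```

Run stand-alone it prints "allow deny" for the stateless filter (the HTTPS reply is dropped because no rule covers it) and "allow allow deny" for the stateful one, which admits the reply it saw the inside host request but still denies an unsolicited packet from the same server.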
Auditing and Event Logging
(Security Logs, Application Logs, History Logs and Syslogs)
Honeypots and Honeynets
A system used as a decoy to attract and deflect attacks from hackers
An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet.
An Intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities.
Behavior Based, Signature Based and Anomaly Based
Tunneling and Encryption
ISAKMP – Internet Security Association and Key Management Protocol is a procedure used for authentication, the creation and management of security associations, key generation techniques and threat mitigation.
PPTP – Point to Point Tunneling Protocol creates a secure tunnel between two points on a network, over which other connectivity protocols, such as PPP, can be used.
L2TP – Layer 2 Tunneling Protocol is a combination of PPTP and Cisco L2F technology.
IPSec – IP Security protocol is designed to provide secure communications between systems.
Site to Site and Client-to-Site
In a Site-to-Site implementation, as the name implies, whole networks are connected together.
In a Client-to-Site scenario, individual clients connect to the network remotely.
TCP/IP and MAC Filtering – Accepts or Rejects incoming connection based on IP and MAC addresses.
Authentication Security Protocols – PAP, SPAP, CHAP, MS CHAP and EAP
Remote Access Security
RAS –Remote Access Service
RDP – Remote Desktop Protocol
PPPoE – Point to Point Protocol over Ethernet
PPP – Point to Point Protocol
VNC – Virtual Network Computing
ICA – Independent Computing Architecture (Citrix)
SSH – Secure Shell
Cryptography – the practice and study of hiding information
PKI – Public Key Infrastructure (Asymmetric vs. Symmetric; Private vs. Public Key). It is used for web security, confidentiality, digital signatures and secure email.
Certificates, CA (Certificate Authority), Templates, CRL (Certificate Revocation List) and RA (Registration Authority)
Public Key – The non-secret half of the cryptographic key pair used with a public key algorithm.
Private Key – The secret half of a cryptographic key pair used with a public key algorithm.
Asymmetric (RSA, El Gamal, Diffie Hellman and Elliptic Curve)
Symmetric (MD, Blowfish, RC, DES, 3DES, AES)
TPM – Trusted Platform Module
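The public/private key definitions and the symmetric vs. asymmetric split above, shown in running code. This is an added example and not from the original page: the symmetric side uses HMAC-SHA256, where both parties must hold the same secret; the asymmetric side is textbook RSA with tiny constructed primes (61, 53, public exponent 17) so the arithmetic can be followed by hand. Those parameters illustrate the roles of the two key halves only and are nowhere near a usable key size.

```python
"""Symmetric (shared secret) versus asymmetric (public/private key pair)
integrity protection. Added example; the RSA parameters are constructed toys."""
import hashlib
import hmac
from typing import Tuple


# --- Symmetric: both sides must hold the same secret key (HMAC-SHA256). ---
def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def mac_verify(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, message), tag)


# --- Asymmetric: sign with the private half, verify with the public half. ---
def make_keypair(p: int, q: int, e: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def message_digest(message: bytes, n: int) -> int:
    """Hash the message first, then reduce the digest into the signing modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign_int(private_key: Tuple[int, int], h: int) -> int:
    d, n = private_key
    return pow(h, d, n)


def verify_int(public_key: Tuple[int, int], h: int, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == h


def sign(private_key: Tuple[int, int], message: bytes) -> int:
    return sign_int(private_key, message_digest(message, private_key[1]))


def verify(public_key: Tuple[int, int], message: bytes, signature: int) -> bool:
    return verify_int(public_key, message_digest(message, public_key[1]), signature)


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53, 17)       # constructed toy parameters
    sig = sign(priv, b"approve transfer")
    print(pub, priv, verify(pub, b"approve transfer", sig))   # (17, 3233) (2753, 3233) True
    k = b"constructed-shared-secret"
    print(mac_verify(k, b"hello", mac_tag(k, b"hello")))     # True
```

The practical difference for a security design: anyone who can verify an HMAC can also forge one, because verification needs the same secret, whereas an RSA signature can be checked by every holder of the public key while only the private key holder can produce it, which is what makes digital signatures and certificate chains possible.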
Types of DOS Denial of Service Attacks
Other Attacks: Eavesdropping, Back Door, Man-in-the-middle, Spoof, Rogue Access Point, Phishing
Fraggle – A type of attack that spoofs UDP packets
Smurf – Similar to Fraggle; causes a BSOD
Ping of Death – Sends an oversized ICMP datagram that is used to crash a system
SYN Flood – overwhelms victim with a flood of SYN packets
Buffer Overflow – Causes system to crash by overflowing the buffer
ICMP Flood – Also known as a Ping Flood