report on network security fundamentals
TRANSCRIPT
MODULE 1
UNDERSTANDING SECURITY LAYERS:-
Understanding Core Security Principles:-
When we are working with information security field we will go through the word CIA (confidentiality, integrity and availability)
1. CONFIDENTIALITY :- It defines as a characteristic ensuring access is restricted to only permited user, application or computer system.
2. INTEGRITY : - Consistency and accuracy and validity of data & information is known as integrity. One of the goal of a successful information is to secure your information i.e. data should be protect against unauthorized changes.
3. AVAILABILITY : - It defines resources being accessible to a user, application or computer system when required.
Fig.1.1 Core Security Principles
1
THREAT :- It is defined as unauthorized access to the resource. We have 2 types of threats:-• PHYSICAL THREAT :- Damage to resources, which is physical e.g.
Burn hard disk• LOGICAL THREAT :-Other way of damaging resource. Again it is
classified into 2 categories-o Accidental Threat :- e.g. natural disaster like fire accident, electrical
short circuits.o Delibrate Threat :-It is related to exploitation of system security e.g.
hacking , spams, worms etc.
RISK MANAGEMENT :- Defines process of identifying, accessing and prioritizing risks and threats e.g. backup servers.
Risk assessment include four categories:-
i. Risk avoidance: - It is a process of eliminating a risk by choosing not to engage in any action or activity.
ii. Risk acceptance: - It defines the act of identifying and then making the decision to accept the risk and impact of a specific risk.
iii. Risk mitigation: - It is defined as chances of reducing the risk on impact of a risk to a particular level.
iv. Risk transfer: - It defines the act of taking steps to move responsibility of a risk to a third part.
Understanding Attack Surfaces: -
An attack surface consists of set of methods an attacker can use to enter a system and potentially cause damage to the system. To calculate the attack surface of an environment it is evaluated into 3 components: -
i. Applicationii. Network
iii. Internal attack (or system)
2
Application Attack Evaluating :- When evaluating the application attack, you need to concentrate on the following things: -
a) The amount of code of an applicationb) The no. of data input to an applicationc) The no. of running services
Network Surface Evaluation: -a) Network design and Architectureb) Placement and rule sets of firewallc) Other security concerns like VPN
Internal/employee Evaluation : -a) The potential for human errorsb) The risk of malicious software and social engineering
SOCIAL ENGINEERING: -It is a method used to gain access to data, systems, or networks primarily through misrepresentation. These attacks can either by a person, email or phones. To avoid social engineering attacks be suspicious to phone calls, emails, etc.even verify identity.
Fig.1.2 Social Engineering
3
SITE SECURITY:-It is a specialized area of security discipline where access control is the key concept when thinking aboutphysical security. This site security is designed may include the following:-
a) Authenticationb) Access controlc) Auditing
Physical premises are divided into 3 logical areas:-
i. External parameter :- External parameter uses security cameras and parameter fencing and entry gates protected with guards and even gates with access card reader.
ii. Internal parameter : - Server wracks locking, keypad locking, security cameras, badge readers.
iii. Secure areas : - • Highly protected• Keypads• Biometric technologies like finger or retina scanners and voice
recognition system.
Understanding Computer Security:-
It consists of the process, procedures and technologies used to protect computer system e.g. computer security cable, docking stations, laptop security cables, theft recovery software and laptop alarms. You can also protect using key loggers. Using key loggers you can protect the key strokes and also to install a software that records your complete video.
4
MODULE 2
UNDERSTANDING OS SECURITY: -
Active Directory:-
It is a technology created by Microsoft in order to do centralized management of entire enterprise network. This active directory includes different network services such as-
a) LDAP(Light Weight Directory Access Protocol): It is an application protocol used for quering and modifying data using directory services over TCP/IP. In active directory everything is arranged in hierarchical order so that we can easily find the objects of structure.
b) SSO(Single Sign On):
This protocol provides to log once and access multiple related but iindependent software systems without having to login again.
Domain Controller:
It is nothing but a window server that stores a replica of the accounts and security information of a domain and also define domain boundaries .When we install active directory services in 2008, 2012 it becomes domain controller.Example-abc.com.
DC PROMOSS:
It is a command used to promote server to DC .When we install active directory several MMC (Microsoft Management Console) and see different option that are:
1. Active directory uses end computers
2. Active directory domains and services
3. Active directory administrative centre
4. Active directory sites and services.
5
To identify a system is working in workgroup or domain check the properties
of my computer.
Terminology of Active Directory:
Parent Domain: First domain controller of your enterprise network .Example-sun.com
Child Domain: apparent domain can have multiple child domains and it is hierarchical structure.
Tree: combination of parent domain and child domains and its structure.
Forest: combination of multiple domains.example-sun.com,sun.net etc.
Site : dividing the domain based on the geographical area.
OU (Organisational units): It is used to divide the network into small groups for administration .example-account department.
Users: aperson who have access to network resources.
Groups: Collection of users with similar properties
Compilers: A PC which has the access towards the active directory.
Fig.2.1 Active Directory
6
User Category:
a) Local User Account: authentication is done local data base.
b) Global User Account or Domain User Account: authentication is done on active directory.
GROUPS:
1. Security Groups: To assign rights and permissions to access resources.
2. Distribution Groups: these are non security groups.
GROUP SCOPE:
1. Global Groups: can be on any domain no limitation.
2. Universal Groups: a user of one domain can login on other domain .Multiple domain functionality.
3. Domain Groups: Present on in any domain forest.
Built In Groups:
These groups are created automatically by the active directory.
Domain Admins: This group has computer administrator capatilty.
Domain Users : It is a default user group.
Account Operators: Users belongs to this group can create, modify, delete user accounts but they do not have administrative rights.
Backup Operators: It provides rights to take the backup over network.
Authenticated User: Everyone
7
MODULE 3
UNDERSTANDING SECURITY POLICIES:
Password Policies:
Password policies defines strong password and how user configure password .Strong password can be determined by looking at the password length, complexity and randomness. Microsoft provides number of controls that can be used to ensure password security.
Password Complexity:
Different combination (upper case to lower case plus numeric and special symbols).
Password Length:
Microsoft by default its prompts up character for security concern .You can define up to 14 characters.
Password History:
Set provides cache for the passwords content.
Time between Password Changes:
It defines time interval to change password frequently .example-email ,hosts to server, database.
Account Lockout Policies:
It defines number of encrypt logon attempts permitted before a system lock an account .
8
Review Of password policies settings:
1. Go to start
2. Administrative servers
3. Local security policy
4. Expand this option
5.Two option:
a) Password policy:
1. Enforce password history
2. Maximum password age
3. Minimum password age
4. Password must need complexity requirements
5. Password encryption (enable)
Fig.3.1 Password Policy
9
b) Account policy:
1. Account lockout duration
2. Account lockout inreshold (for invalid login attempts)
3. Reset account lockout
Fig.3.2 Account Lockout Policy
GPO (Group policy Objects):
It is a set of rules that allow an administrator granular control over the configuration of objects in active directory like users, computers, printers, applications etc.
10
Configure GPO:
Starts program ->administrative tools->active directory users to computers ->window opens->expand the domain->right click ->click on properties ->click on group policy tab->click on new ->enter the name of policy->close.
In order to make this policy as first priority to set priority go to group policy tab->move the policy upset.
Understanding Common Attacks methods:
1. Dictionary Attack
2. Brute Force attack
3. Physical attack using software and passwords key lockers
4. Examining linked password
5. Cracked Password .Example- ophack line CD, giron CD)
6. Examining network and wireless password through shiffers.
7. Guest password login
11
MODULE 4
UNDERSTANDING SECURITY SOFTWARE:-
Classification of DMZ: -
1. Sandwich DMZ : - We have inner and outer firewall and network is protected with these 2 firewalls.
Fig.4.1 Sandwich DMZ
2. Single firewall DMZ : - which protects internal network and parameter network and internet cloud.
Fig.4.2 Single Firewall DMZ
12
NAT(network address translation) : - Technique used to modify network address information of a host while traffic is travelling through a router or firewall. This NAT hides the network information of private network while still permitting the traffic across a public network.
Classification of NAT: -
1. Static NAT: -It maps an unregistered IP address on a public network to a registered IP address on a public network using 1 to 1 base.
2. Dynamic NAT:- It maps an unregistered IP address on a private network to a registered IP address that is selected by router device.
IP SECURITY: -Benefits are: -
i. Access Controlii. Data Authentication
iii. Replay Detection and Rejectioniv. Confidentiality using encryption
Components of IP security: -
i. AH(Authentication Header)ii. ESP (Encapsulating Security Payload)
iii. IKE (Internet Key Exchange)
IP Security can be used in 2 different modes:-
i. Transport Mode i.e. host to hostii. Tunnel Mode i.e. Gateway to host or gateway to gateway
13
SSH (Secure Shell) : -Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authenticationand secure communications over insecure channels.
SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS was spoofing. An attacker who has managed to take over a network can only force SSH to disconnect. He or she cannot play back the traffic or hijack the connection when encryptions enabled.
COMMON NETWORK ATTACK METHODS :-i. DOS (Deny of Services)
ii. DDOS (Distributed DOS)iii. IP Spoofingiv. Middle Attack v. Backdoor Attack
vi. DNS poisoningvii. Replay Attack
viii. Weak Encryption Keysix. Social engineeringx. Software Attack
xi. Buffer Overflow Attackxii. Remote Code Execution Attack
xiii. SQL injection Attackxiv. Cross-site Scripting Attack
Security Wireless Networks :-Wireless networks basic components is SSID i.e. service set identity. Using net stumbles utility you can scan SSID’S of your wireless networks.
Protecting or Securing Wireless networks : -i. Choose your own SSID
ii. Use own naming conventions for your devices
14
Techniques used for securing wireless networks : -i. WEP (While equivalent privacy)
ii. WAP (Wireless protection Action)
Connecting a wireless device involves 4 steps : -i. Initialization
ii. Initiationiii. Negotiationiv. Authentication
PROTECTING THE SERVER AND CLIENT: -
Malicious Software:-Also called as Malware . This software is designed to affect a computer system without owners information concern. This malware is usually associated with viruses, worms, trozen , spyware, route kits, Dishonest Adwares.
Malware Categories: - These are classified based on damaged cost to your system.
Virus: - replication of files
To protect this virus we have antivirus software programs.
Virus Symptoms:-i. Virus affects on CMOS and BIOS ROM : - You will get display
problem.ii. Memory Resident Virus: - Memory related issues
iii. Booting Virusiv. Partition or volume Virus :- Delete all partitionv. File Virus: - Modify the content, increase and decrease file size and
replicate the files.vi. Software errors
vii. Problem related to hardware devices
15
viii. Network connectivity problemsix. Corrupted filesx. Abnormal Error messages
xi. Blue Screen Errorsxii. Missing files
To avoid virus of malware you should follow these steps: -1. Don’t install unknown software/unlicensed software.2. Don’t open strange email.3. Don’t click on hyperlinks which provides free services4. Don’t visit to survey websites5. Don’t install freeware software
WINDOWS UPDATE: -It is a process of including fix, patches, service packs, updating device drivers. To run it go to control panel -> open windows -> click on update now.
Fig.4.3 Windows Update
16
3 Types of UPDATES: -i. Important Updates
ii. Recommended Updatesiii. Optional Updates
With the concern with issues window update can deliver the following: -i. Security Update (related to antiviruses)
ii. Critical Updates (errors or bugs related to system)iii. Service Packs (adds features to OS)
PHISHING AND PHARMING:-Phishing: -Phishing is a technique to attack individual using fake websites or fake data and collecting personal information and attempting to cause a threat. Done by using Social Engineering methods e.g. collecting Gmail or Facebook data.Pharming: -Pharming is technique aimed website traffic to a fake website.
PROTECTING SERVER: -i. Placing the server : - related to physical location
ii. Hardening the server: - implementing firewalls, security services, and antivirus protection.
iii. Disaster Solution
MBSA (Microsoft Base Line Security Analyzer): -It is a tool you can check missing security updates and other security components
17
CONCLUSION
The computer provides a great accuracy, speed and increasing volume of data
which accelerate the work of that department .Computer is a central element in
an organization, despite the fact that the computer is nothing more than a tool
for processing data, but its real role is to provide information for decision and
for planning and controlling operation.In present world, life is going very fast
and everybody wants a good and correct implementation in very short time.
Along with this everyone needs security against various attacks and thus
security tools are developed in order to save one’s identity and data.
18
REFERENCES
MOAC SECURITY FUNDAMENTALS 98-369 http://ayurveda.hubpages.com http://www.tech-faq.com
19