Web Security Associate (PowerPoint presentation, transcript)

Page 1: Web Security Associate

Copyright © 2010 Certification Partners, LLC -- All Rights Reserved

Web Security Associate

Page 2: Web Security Associate

Lesson 1: What Is Security?

Page 3: Web Security Associate

Lesson 1 Objectives

• 1.1.1: Define security
• 1.1.2: Identify the importance of network security
• 1.1.3: Identify potential risk factors for data security, including improper authentication
• 1.1.4: Identify security-related organizations, warning services and certifications
• 1.1.5: Identify key resources that need specialized security measures
• 1.1.6: Identify the general types of security threat/attacker
• 1.2.6: Select security equipment and software based on ease of use

Page 4: Web Security Associate

Network Security Background

• Internet-related security threats:
– Security problems with browsers
– Attacks by hackers
– Threats from viruses
– The Internet is inherently insecure

Page 5: Web Security Associate

What Is Security?

• Local area networks (LANs)
• Wide area networks (WANs)
• Virtual private networks (VPNs)
• Network perimeters
• Illicit servers
• Trojans

Page 6: Web Security Associate

Hacker Statistics

• Reported incidents have risen steadily:
– From 252 in 1990
– To 9,859 in 1999
– To 137,529 in 2003
• Total vulnerabilities cataloged have also risen steadily:
– From 417 in 1999
– To 3,784 in 2003
– To 7,236 in 2007
• Losses due to security breaches are estimated at $67.2 billion (2005)

Page 7: Web Security Associate

The Myth of 100-Percent Security

• Balance in security
• Security policies

Page 8: Web Security Associate

Attributes of an Effective Security Matrix

• Allows access control
• Easy to use
• Appropriate cost of ownership
• Flexible and scalable
• Superior alarming and reporting

Page 9: Web Security Associate

What You Are Trying to Protect

• End-user resources
• Network resources
• Server resources
• Information-storage resources

Page 10: Web Security Associate

Who Is the Threat?

• Casual attackers
• Determined attackers
• Spies and industrial espionage
• End users

Page 11: Web Security Associate

Security Standards

• Security services (ISO 7498-2):
– Authentication
– Access control
– Data confidentiality
– Data integrity
– Non-repudiation
• Security mechanisms
• Other government and industry standards in addition to ISO 7498-2

Page 12: Web Security Associate

Lesson 1 Summary

1.1.1: Define security
1.1.2: Identify the importance of network security
1.1.3: Identify potential risk factors for data security, including improper authentication
1.1.4: Identify security-related organizations, warning services and certifications
1.1.5: Identify key resources that need specialized security measures
1.1.6: Identify the general types of security threat/attacker
1.2.6: Select security equipment and software based on ease of use

Page 13: Web Security Associate

Lesson 2: Elements of Security

Page 14: Web Security Associate

Lesson 2 Objectives

• 1.1.7: Identify ways in which increased security mechanisms can result in increased latency
• 1.1.8: Define the significance of a security policy
• 1.1.9: Identify and develop basic components of an effective security policy
• 1.1.10: Identify the key user authentication methods
• 1.1.11: Define the significance of access control methods
• 1.1.12: Define the functions of access control lists (ACLs) and execution control lists (ECLs)
• 1.2.1: Identify the three main encryption methods used in internetworking
• 1.2.5: Identify the importance of auditing
• 1.2.6: Select security equipment and software based on ease of use
• 1.2.7: Identify security factors related to transmission of unencrypted data across the network
• 1.2.9: Identify the significance of encryption in enterprise networks

Page 15: Web Security Associate

Security Elements and Mechanisms

Diagram of the elements of effective security:
• Corporate security policy
• User authentication
• Access control
• Encryption
• Audit
• Administration

Page 16: Web Security Associate

The Security Policy

• Classify systems
• Prioritize resources
• Assign risk factors
• Define acceptable and unacceptable activities
• Define security measures to apply to resources
• Define education standards for employees
• Determine who is responsible for administering the policies

Page 17: Web Security Associate

Determining Backups

• To recover data lost due to an attack:
– Enable a backup device
– Enable a backup service

Page 18: Web Security Associate

Encryption

• Encryption categories:
– Symmetric
– Asymmetric
– Hash (one-way: the digest cannot be reversed to recover the input, so strictly speaking a hash is not encryption, although this course groups it here)
• Encryption services:
– Data confidentiality
– Data integrity
– Authentication
– Non-repudiation
• Encryption strength

Page 19: Web Security Associate

Authentication

• Authentication methods (factors):
– What you know (password, PIN)
– What you have (token, smart card)
– Who you are (biometrics)
– Where you are (location or originating network)

Page 20: Web Security Associate

Specific Authentication Techniques

• Kerberos
• One-time passwords (OTP)

Page 21: Web Security Associate

Access Control

• Access control list (ACL):
– Objects
– Common permissions
• Execution control list (ECL):
– Sandboxing
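As an added illustration (not the course's code) of how an ACL on an object is evaluated, here is a small evaluator over a constructed payroll-file ACL. The principals, groups and permission names are made up for the example; the evaluation order (an explicit deny beats any allow, and no matching entry means deny) is the point.

```python
from dataclasses import dataclass, field

# Common permissions on a file-like object
READ, WRITE, EXECUTE, DELETE = "read", "write", "execute", "delete"


@dataclass
class Ace:
    """Access control entry: which principal, which permissions, allow or deny."""
    principal: str            # a user ("alice") or a group ("@staff")
    permissions: frozenset
    allow: bool = True


@dataclass
class Acl:
    entries: list = field(default_factory=list)

    def check(self, user: str, groups: set, permission: str) -> bool:
        """Explicit deny wins over any allow; no matching entry means deny
        (default-deny is the safe failure mode for an access control list)."""
        principals = {user} | {"@" + g for g in groups}
        allowed = False
        for ace in self.entries:
            if ace.principal in principals and permission in ace.permissions:
                if not ace.allow:
                    return False
                allowed = True
        return allowed


def build_payroll_acl() -> Acl:
    """Constructed example ACL for a payroll file (names are hypothetical)."""
    return Acl([
        Ace("@staff", frozenset({READ})),
        Ace("@hr", frozenset({READ, WRITE})),
        # contractor in the hr group: read only, even though @hr may write
        Ace("bob", frozenset({WRITE, DELETE}), allow=False),
    ])


if __name__ == "__main__":
    acl = build_payroll_acl()
    print(acl.check("alice", {"staff", "hr"}, WRITE))   # True
    print(acl.check("bob", {"staff", "hr"}, WRITE))     # False: explicit deny wins
    print(acl.check("eve", set(), READ))                # False: default deny
```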

Page 22: Web Security Associate

Auditing

• Passive auditing
• Active auditing

Page 23: Web Security Associate

Security Tradeoffs and Drawbacks

• Increased complexity
• Slower system response time
• Consider:
– Ease of installation
– An intuitive interface
– Effective customer support

Page 24: Web Security Associate

Lesson 2 Summary

1.1.7: Identify ways in which increased security mechanisms can result in increased latency
1.1.8: Define the significance of a security policy
1.1.9: Identify and develop basic components of an effective security policy
1.1.10: Identify the key user authentication methods
1.1.11: Define the significance of access control methods
1.1.12: Define the functions of access control lists (ACLs) and execution control lists (ECLs)
1.2.1: Identify the three main encryption methods used in internetworking
1.2.5: Identify the importance of auditing
1.2.6: Select security equipment and software based on ease of use
1.2.7: Identify security factors related to transmission of unencrypted data across the network
1.2.9: Identify the significance of encryption in enterprise networks

Page 25: Web Security Associate

Lesson 3: Applied Encryption

Page 26: Web Security Associate

Lesson 3 Objectives

• 1.2.2: Define symmetric (private-key) encryption
• 1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)
• 1.2.4: Define one-way (hash) encryption
• 1.2.8: Identify the function of parallel processing in relation to cryptography
• 1.2.10: Identify the impact of encryption protocols and procedures on system performance
• 1.2.11: Create a trust relationship using public-key cryptography
• 1.2.12: Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES)
• 1.4.1: Deploy Pretty Good Privacy (PGP) / Gnu Privacy Guard (GPG) in Windows and Linux/UNIX systems

Page 27: Web Security Associate

Reasons to Use Encryption

• Make data confidential
• Help authenticate users
• Ensure data integrity

Page 28: Web Security Associate

Creating Trust Relationships

• Manually
• Automatically
• Rounds and parallelization

Page 29: Web Security Associate

Symmetric-Key Encryption

• One key is used to encrypt and decrypt messages
• Benefits and drawbacks of symmetric-key encryption

Page 30: Web Security Associate

Symmetric-Key Algorithms

• Data Encryption Standard (DES): 56-bit key, obsolete and brute-forceable
• Triple DES
• Symmetric algorithms created by RSA Security Corporation (the RC series)
• International Data Encryption Algorithm (IDEA)
• Blowfish
• Twofish
• Skipjack
• MARS
• Serpent
• Rijndael, the algorithm selected as the Advanced Encryption Standard (AES)

Page 31: Web Security Associate

Asymmetric-Key Encryption

• Benefits and drawbacks of asymmetric-key encryption
• How do browsers use public-key encryption?
• Asymmetric-key algorithms:
– RSA (encryption and digital signatures)
– DSA (digital signatures only; it does not encrypt)
– Diffie-Hellman (key agreement over an untrusted channel; it neither encrypts nor signs)

Page 32: Web Security Associate

One-Way (Hash) Encryption

• Signing data
• Hash algorithms:
– MD2, MD4 and MD5 (all broken: collisions are practical, so do not rely on them for integrity or signatures)
– Secure Hash Algorithm (SHA-1 is likewise deprecated; use SHA-2, for example SHA-256)
– md5sum utility (Linux); sha256sum works the same way
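Added example (not part of the course) of what the md5sum/sha256sum utilities do when checking a distribution with `-c`: parse a checksum listing, recompute each file's digest and report OK, FAILED or MISSING. The files and the listing are constructed inside a temporary directory; SHA-256 is the default because the MD5 digest the slide names no longer proves integrity.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256", chunk: int = 1 << 16) -> str:
    """Stream the file through the hash so large files need no extra memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksum_file(text: str) -> list:
    """Parse the md5sum/sha256sum listing format: '<hex digest>  <filename>' per line.
    A leading '*' on the filename marks binary mode and is dropped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if not name or not all(c in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed checksum line: {line!r}")
        entries.append((digest.lower(), name.lstrip("*")))
    return entries


def verify_checksums(text: str, directory: str, algorithm: str = "sha256") -> dict:
    """Return {filename: 'OK' | 'FAILED' | 'MISSING'}, like `sha256sum -c`."""
    results = {}
    for expected, name in parse_checksum_file(text):
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            results[name] = "MISSING"
            continue
        actual = file_digest(path, algorithm)
        results[name] = "OK" if hmac.compare_digest(actual, expected) else "FAILED"
    return results


def demo() -> dict:
    """Constructed scenario: a listing is produced, then one file is tampered with."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "release.tar"), "wb") as f:
            f.write(b"original release bytes\n")
        with open(os.path.join(d, "README"), "wb") as f:
            f.write(b"read me\n")
        listing = "\n".join(
            f"{file_digest(os.path.join(d, n))}  {n}" for n in ("release.tar", "README")
        ) + f"\n{'0' * 64}  CHANGELOG\n"      # a file named in the listing but absent
        with open(os.path.join(d, "release.tar"), "ab") as f:
            f.write(b"evil payload\n")          # attacker modifies the archive afterwards
        return verify_checksums(listing, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A checksum only detects accidental or unsigned tampering: an attacker who can replace the file can replace the listing too, which is why release checksums are themselves signed (PGP/GPG, next slide).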

Page 33: Web Security Associate

Applied Encryption Processes

• E-mail:
– PGP and GPG
– Secure MIME (S/MIME)
– Proprietary asymmetric encryption
• Encrypting drives
• Secure Sockets Layer (SSL) and Secure HTTP
• Transport Layer Security / Secure Sockets Layer (TLS/SSL)

Page 34: Web Security Associate

Encryption Review

• Encryption
• Authentication
• Key
• Symmetric-key (private-key) encryption
• Asymmetric-key (public-key) encryption
• Message integrity by hash and signature

Page 35: Web Security Associate

Lesson 3 Summary

1.2.2: Define symmetric (private-key) encryption
1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)
1.2.4: Define one-way (hash) encryption
1.2.8: Identify the function of parallel processing in relation to cryptography
1.2.10: Identify the impact of encryption protocols and procedures on system performance
1.2.11: Create a trust relationship using public-key cryptography
1.2.12: Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES)
1.4.1: Deploy Pretty Good Privacy (PGP) / Gnu Privacy Guard (GPG) in Windows and Linux/UNIX systems

Page 36: Web Security Associate

Lesson 4: Types of Attacks

Page 37: Web Security Associate

Lesson 4 Objectives

• 1.2.5: Identify the importance of auditing
• 1.4.3: Identify specific types of security attacks
• 1.4.4: Identify a brute-force attack
• 1.4.5: Identify a dictionary attack
• 1.4.6: Identify routing issues and security
• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack
• 1.4.8: Recognize attack incidents
• 1.4.9: Distinguish between illicit servers and trojans

Page 38: Web Security Associate

Network Attack Categories

• Brute force
• Dictionary
• System bugs
• Back doors
• Malware
• Social engineering
• Denial of service (DOS)
• Distributed denial of service (DDOS)
• Spoofing
• Scanning
• Man in the middle
• Bots and botnets
• SQL injection

Page 39: Web Security Associate

Brute-Force and Dictionary Attacks

• Brute-force attack:
– Repeated access attempts that try every possible password or key
• Dictionary attack:
– Customized version of a brute-force attack that tries a list of likely passwords (dictionary words, common passwords, leaked credentials) instead of every combination

Page 40: Web Security Associate

System Bugs and Back Doors

• Bug:
– Unintentional flaw in a program
• Back door:
– Deliberately placed opening in an operating system or application
• Buffer overflow

Page 41: Web Security Associate

Malware (Malicious Software)

• Viruses
• Worms
• Trojans and rootkits
• Illicit servers
• Logic bombs
• Zero-day attacks
• Managing viruses, worms and illicit programs
• Avoiding viruses, worms and trojans

Page 42: Web Security Associate

Social Engineering Attacks

• Call and ask for password
• Fake e-mail
• Phishing
• Pharming
• Securing desktops

Page 43: Web Security Associate

Denial-of-Service (DOS) Attacks

• Flooding
• Malformed packets:
– Teardrop/Teardrop2
– Ping of Death
– Land attack
– Miscellaneous attacks
• Physical denial-of-service attacks

Page 44: Web Security Associate

Distributed Denial-of-Service (DDOS) Attacks

• Components:
– Controlling application
– Illicit service
– Zombie
– Target
• Smurf and Fraggle attacks
• Ways to diagnose DOS and DDOS attacks
• Mitigating vulnerability and risk
• Unintentional DOS

Page 45: Web Security Associate

Spoofing Attacks

• IP spoofing
• ARP spoofing
• DNS spoofing
• Spoofing and traceback
• Protecting against spoofing attacks

Page 46: Web Security Associate

Scanning Attacks

• Stack fingerprinting and operating system detection
• Sequence prediction
• Network Mapper (Nmap)

Page 47: Web Security Associate

Man-in-the-Middle Attacks

• Packet sniffing and network switches
• Connection hijacking
• Registration hijacking
• Voicemail compromises
• Impersonated calls
• DNS and ARP cache poisoning
• Avoiding man-in-the-middle attacks

Page 48: Web Security Associate

Bots and Botnets

• Bot:
– Software application that runs automated, repetitive tasks over the Internet
• Botnet:
– Group of computers infected with a bot
• Avoiding bot attacks

Page 49: Web Security Associate

SQL Injection

• SQL injection:
– Attack in which user-supplied input is concatenated into an SQL command string, so that characters such as quotes and comment markers change the statement the database executes
• Preventing SQL injection attacks (parameterized queries, input validation, least-privilege database accounts)
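The attack on this slide, shown in an added example (not course code) against an in-memory SQLite table with one constructed user: the same login check written first with string concatenation and then with a parameterized query. The user name, stored hash and payloads are invented for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with a single hypothetical account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'h4sh-of-alices-password')")
    return conn


def login_vulnerable(conn, username: str, password_hash: str) -> bool:
    """Builds the statement by concatenation: attacker-controlled text becomes
    part of the SQL grammar, so a quote or a comment marker rewrites the WHERE clause."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username: str, password_hash: str) -> bool:
    """Parameterized statement: values travel separately from the SQL text,
    so quotes and comment markers in the input are data, never syntax."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"      # makes the WHERE clause true for every row
    comment = "alice' --"          # closes the quote and comments out the password check
    print("vulnerable, tautology: ", login_vulnerable(conn, "alice", tautology))  # True
    print("vulnerable, comment:   ", login_vulnerable(conn, comment, "anything"))  # True
    print("safe, tautology:       ", login_safe(conn, "alice", tautology))        # False
    print("safe, comment:         ", login_safe(conn, comment, "anything"))        # False
    print("safe, real credential: ", login_safe(conn, "alice", "h4sh-of-alices-password"))
```

Validation of input helps, but the fix is structural: with parameters the database never parses user input as SQL, regardless of which characters the attacker sends.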

Page 50: Web Security Associate

Auditing

• Checking password databases regularly
• Checking log files
• Scanning systems
• Identifying information leakage:
– Necessary information
– Unnecessary information
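Log checking in practice, as an added example that also covers the brute-force and dictionary attacks of the earlier slide: a detector run over constructed OpenSSH-style auth log lines (not a real capture) that flags a source address after a burst of failed logins and escalates when a success follows the burst. The threshold of 5 failures in 60 seconds and the log year (syslog lines carry none) are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH/syslog style (not real captured logs).
SAMPLE_LOG = """\
Jan  3 10:00:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan  3 10:00:02 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Jan  3 10:00:02 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 40124 ssh2
Jan  3 10:00:03 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jan  3 10:00:03 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 40126 ssh2
Jan  3 10:00:04 web1 sshd[2216]: Failed password for root from 203.0.113.7 port 40127 ssh2
Jan  3 10:00:09 web1 sshd[2217]: Accepted password for root from 203.0.113.7 port 40128 ssh2
Jan  3 10:05:00 web1 sshd[2300]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Jan  3 10:20:00 web1 sshd[2301]: Accepted publickey for alice from 198.51.100.4 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(line: str, year: int = 2016):
    """Return (timestamp, result, user, ip) or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts_text = " ".join(m["ts"].split())          # collapse syslog's day padding
    ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> list:
    """Flag a source IP once it reaches `threshold` failures inside a sliding
    `window_s`-second window; escalate if a success then arrives from it."""
    failures = defaultdict(deque)     # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            q = failures[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()                       # drop failures outside the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, f"{len(q)} failures in {window_s}s"))
        elif ip in flagged:
            alerts.append(("COMPROMISE_SUSPECTED", ip, f"success for {user} after flagged burst"))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(*alert)
```

Alice's single typo followed by a key-based login is below threshold and stays quiet; the burst against `admin` and `root` from one address trips the detector, and the later successful password login from that same address is the event worth paging on.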

Page 51: Web Security Associate

Lesson 4 Summary

1.2.5: Identify the importance of auditing
1.4.3: Identify specific types of security attacks
1.4.4: Identify a brute-force attack
1.4.5: Identify a dictionary attack
1.4.6: Identify routing issues and security
1.4.7: Determine the causes and results of a denial-of-service (DOS) attack
1.4.8: Recognize attack incidents
1.4.9: Distinguish between illicit servers and trojans

Page 52: Web Security Associate

Lesson 5: Recent Networking Vulnerability Considerations

Page 53: Web Security Associate

Lesson 5 Objectives

• 1.1.3: Identify potential risk factors for data security, including improper authentication
• 1.2.5: Identify the importance of auditing
• 1.4.3: Identify specific types of security attacks
• 1.4.8: Recognize attack incidents

Additional topics:
• Security issues associated with wireless network technologies
• Security issues associated with convergence networking technologies
• Security issues associated with Web 2.0 technologies
• Additional security issues, including greynet applications, data at rest, trusted users within an organization, anonymous downloads and indiscriminate link-clicking

Page 54: Web Security Associate

Wireless Network Technologies and Security

• Wireless Ethernet elements
• Wireless signals:
– FHSS
– DSSS
– OFDM

Page 55: Web Security Associate

IEEE 802.11 Wireless Standards

• 802.11 (WiFi)
• 802.11a
• 802.11b
• 802.11e
• 802.11g
• 802.11h
• 802.11i
• 802.11n (most current at the time of this 2010 course)

Page 56: Web Security Associate

Wireless Networking Modes

• Ad-hoc mode
• Infrastructure mode
• Wireless access points (APs):
– Wireless cells
– Authentication types in wireless networks
– BSSID
– SSID
– Wireless AP beacon
• Host association

Page 57: Web Security Associate

Wireless Application Protocol (WAP)

• WAP services:
– Uniform scripting standards for wireless devices
– A method of encrypting data sent from WAP-enabled phones
• Wireless Transport Layer Security (WTLS):
– WTLS benefits
– Problems with WTLS
• Languages used in WAP

Page 58: Web Security Associate

Wireless Network Security Problems

• Cleartext transmission
• Access control
• Unauthorized APs and wireless systems
• Corporate users participating in ad hoc networks
• Weak and/or flawed encryption
• Encryption and network traffic
• War driving

Page 59: Web Security Associate

Wireless Network Security Solutions

• WEP (listed for completeness only: its RC4 keying is broken and the key can be recovered from captured traffic in minutes, so it offers no real protection)
• MAC address filtering (a weak control: an attacker can sniff an allowed MAC address and spoof it)
• WPA2 (802.11i)
• IEEE 802.1X
• RADIUS
• Physical and configuration solutions

Page 60: Web Security Associate

Site Surveys

• Authorized site surveys:
– Site surveys after implementation
• Unauthorized site surveys:
– War driving/war walking
– Examples of site surveying software

Page 61: Web Security Associate

Convergence Networking and Security

• Convergence technologies and equipment:
– Private Branch Exchange (PBX)
– Voice over IP (VoIP) devices
– End-user telephone connections
• Virtual LANs (VLANs)
• VLAN hopping
• Firewall conflicts
• DNS loops

Page 62: Web Security Associate

Web 2.0 Technologies

• Ajax
• Wikis
• Blogs
• Really Simple Syndication (RSS)
• Podcasts
• Folksonomy

Page 63: Web Security Associate

Greynet Applications

• Instant messaging (IM)
• Peer-to-peer (P2P) applications
• File transfer and the 8.3 naming convention
• Securing IM and P2P

Page 64: Web Security Associate

Vulnerabilities with Data at Rest

• Data on network drives and in network shares
• Data on vulnerable systems
• Database data and SQL injection

Page 65: Web Security Associate

Security Threats from Trusted Users

• Security breaches due to:
– Carelessness
– Noncompliance with established security measures
– Following inadequate security policies

Page 66: Web Security Associate

Anonymous Downloads and Indiscriminate Link-Clicking

• Poisoned Web sites
• Drive-by downloads
• Guidelines to help avoid contact with poisoned Web sites

Page 67: Web Security Associate

Lesson 5 Summary

1.1.3: Identify potential risk factors for data security, including improper authentication
1.2.5: Identify the importance of auditing
1.4.3: Identify specific types of security attacks
1.4.8: Recognize attack incidents

Additional topics:
Security issues associated with wireless network technologies
Security issues associated with convergence networking technologies
Security issues associated with Web 2.0 technologies
Additional security issues, including greynet applications, data at rest, trusted users within an organization, anonymous downloads and indiscriminate link-clicking

Page 68: Web Security Associate

Lesson 6: General Security Principles

Page 69: Web Security Associate


Lesson 6 Objectives

• 1.3.1: Identify the universal guidelines and principles of effective network security

• 1.3.2: Define amortization and chargeback issues related to network security architectures

• 1.3.3: Use universal guidelines to create effective specific solutions

Page 70: Web Security Associate

Common Security Principles

• Be paranoid
• Have a security policy
• No system or technique stands alone
• Minimize damage
• Deploy company-wide enforcement
• Provide training
• Integrate security strategies
• Place equipment according to needs
• Identify security business issues
• Consider physical security

Page 71: Web Security Associate


Lesson 6 Summary

1.3.1: Identify the universal guidelines and principles of effective network security

1.3.2: Define amortization and chargeback issues related to network security architectures

1.3.3: Use universal guidelines to create effective specific solutions

Page 72: Web Security Associate

Lesson 7: Protocol Layers and Security

Page 73: Web Security Associate

Lesson 7 Objectives

• 1.3.4: Identify potential threats at different layers of the TCP/IP stack
• 1.3.7: Secure TCP/IP services, including HTTP, FTP
• 1.4.6: Identify routing issues and security
• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

Page 74: Web Security Associate

TCP/IP Security Introduction

• TCP/IP protocol stack
• TCP/IP and network security

Page 75: Web Security Associate

OSI Reference Model Review

• Application layer
• Presentation layer
• Session layer
• Transport layer
• Network layer
• Data link layer
• Physical layer

Page 76: Web Security Associate


Data Encapsulation

Page 77: Web Security Associate


The TCP/IP Stack and the OSI Reference Model

Page 78: Web Security Associate

Link/Network Access Layer

• Media that defines this layer:
– Fiber
– Coaxial cable
– Twisted pair
– Free space (infrared, short-range wireless, microwave, satellite)
• Network topologies

Page 79: Web Security Associate

Network/Internet Layer

• Internet Protocol (IP):
– Packets are not signed
– Packets are not encrypted
– Packets can be manipulated easily
• Internet Control Message Protocol (ICMP):
– ICMP message types
– Why block ICMP?

Page 80: Web Security Associate

Transport Layer

• Transmission Control Protocol (TCP):
– The TCP handshake
– The TCP header
• Establishing a TCP connection (three-way handshake):
– SYN, then SYN-ACK, then ACK
• Terminating a TCP connection:
– FIN and ACK, exchanged in each direction
• User Datagram Protocol (UDP)
• Ports

Page 81: Web Security Associate

Application Layer

• File Transfer Protocol (FTP):
– Active FTP
– Passive FTP
• Hypertext Transfer Protocol (HTTP)
• Telnet
• Simple Network Management Protocol (SNMP)
• Domain Name System (DNS)
• Additional application layer protocols

Page 82: Web Security Associate

Protocol Analyzers

• Monitor network traffic to identify network trends
• Identify network problems and send alert messages
• Identify specific problems
• Test network connections, devices and cables
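What a protocol analyzer sees at the network and transport layers, as an added example that is not part of the course: a decoder for IPv4 and TCP headers run over a constructed trace containing a normal three-way handshake (the Transport Layer slide) and a Land packet from the malformed-packet DoS list in Lesson 4. The packets are built in code with zeroed checksums and are never sent; the addresses come from the documentation ranges.

```python
import struct
from typing import Optional

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def _ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int,
                   seq: int = 0, ack: int = 0, payload: bytes = b"") -> bytes:
    """Constructed packet builder (checksums left zero; nothing touches a wire)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                         _ip_bytes(src), _ip_bytes(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(packet: bytes) -> Optional[dict]:
    """Decode the IPv4 header and, for protocol 6, the TCP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # header length in bytes
    proto = packet[9]
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    if proto != 6 or len(packet) < ihl + 20:
        return {"src": src, "dst": dst, "proto": proto}
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", packet[ihl:ihl + 20])
    names = [n for n, bit in TCP_FLAGS.items() if flags & bit]
    return {"src": src, "dst": dst, "proto": 6, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": names}


def classify(pkt: Optional[dict]) -> str:
    """Name the handshake step, or the attack signature, for one decoded packet."""
    if not pkt:
        return "invalid"
    if pkt.get("proto") != 6:
        return "non-tcp"
    if pkt["src"] == pkt["dst"] and pkt["sport"] == pkt["dport"]:
        return "LAND_ATTACK"      # source == destination: the host talks to itself
    f = set(pkt["flags"])
    if f == {"SYN"}:
        return "handshake-1 SYN"
    if f == {"SYN", "ACK"}:
        return "handshake-2 SYN-ACK"
    if f == {"ACK"}:
        return "handshake-3 ACK (or data ack)"
    if "FIN" in f:
        return "teardown FIN"
    if "RST" in f:
        return "reset"
    return "other"


def analyze(packets) -> list:
    return [classify(parse_ipv4_tcp(p)) for p in packets]


def sample_capture() -> list:
    """Constructed trace: a normal three-way handshake followed by a Land packet."""
    c, s = "192.0.2.10", "198.51.100.80"
    return [
        build_ipv4_tcp(c, s, 40000, 80, TCP_FLAGS["SYN"], seq=1000),
        build_ipv4_tcp(s, c, 80, 40000, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"], seq=5000, ack=1001),
        build_ipv4_tcp(c, s, 40000, 80, TCP_FLAGS["ACK"], seq=1001, ack=5001),
        build_ipv4_tcp(s, s, 80, 80, TCP_FLAGS["SYN"]),   # Land: src == dst, sport == dport
    ]


if __name__ == "__main__":
    for raw, verdict in zip(sample_capture(), analyze(sample_capture())):
        p = parse_ipv4_tcp(raw)
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} {p['flags']}  {verdict}")
```

Because nothing in the IP or TCP header is signed (the Network/Internet Layer slide), the Land packet is indistinguishable from a legitimate one except by the rule above; a packet filter at the perimeter drops such packets for the same reason.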

Page 83: Web Security Associate

Lesson 7 Summary

1.3.4: Identify potential threats at different layers of the TCP/IP stack
1.3.7: Secure TCP/IP services, including HTTP, FTP
1.4.6: Identify routing issues and security
1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

Page 84: Web Security Associate

Lesson 8: Securing Resources

Page 85: Web Security Associate

Lesson 8 Objectives

• 1.3.5: Consistently apply security principles
• 1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks
• 1.3.7: Secure TCP/IP services, including HTTP, FTP
• 1.3.8: Identify the significance of testing and evaluating systems and services
• 1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools
• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

Page 86: Web Security Associate

TCP/IP Security Vulnerabilities

• Internet Protocol version 4 (IPv4)
• Internet Protocol version 6 (IPv6)
• Determining which IP version to implement

Page 87: Web Security Associate

Implementing Security

• Publish the security policy
• Categorize resources and needs
• Secure each resource and service
• Log, test and evaluate
• Repeat the process and keep current

Page 88: Web Security Associate

Resources and Services

• Protecting services:
– Protect against profiling
– Coordinate methods and techniques
– Protect services by changing default settings
– Remove unnecessary services

Page 89: Web Security Associate

Protecting TCP/IP Services

• Specialized accounts
• The Web server
• CGI scripts:
– CGI and programming
• Securing Apache2
• FTP servers:
– Access control

Page 90: Web Security Associate

Simple Mail Transfer Protocol (SMTP)

• The Internet Worm
• Buffer overflows
• The Melissa virus
• Access control for e-mail
• E-mail and virus scanning

Page 91: Web Security Associate

Physical Security

• Protecting the network against common physical attacks
• Ensuring access control
• Securing wireless cells
• Shielding network equipment
• Securing removable media
• Controlling the environment
• Fire detection and suppression

Page 92: Web Security Associate

Testing Systems

• Testing existing systems
• Implementing a new system or testing a new security setting

Page 93: Web Security Associate

Security Testing Software

• Specific tools:
– Network scanners
– Operating system add-ons
– Logging and log analysis tools

Page 94: Web Security Associate

Security and Repetition

• Understanding the latest exploits
• Continually improve and test your security system

Page 95: Web Security Associate

Lesson 8 Summary

1.3.5: Consistently apply security principles
1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks
1.3.7: Secure TCP/IP services, including HTTP, FTP
1.3.8: Identify the significance of testing and evaluating systems and services
1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools
1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

Page 96: Web Security Associate

Lesson 9: Firewalls and Virtual Private Networks

Page 97: Web Security Associate

Lesson 9 Objectives

• 1.1.3: Identify potential risk factors for data security, including improper authentication
• 1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)
• 1.4.2: Define IPSec concepts
• 1.4.6: Identify routing issues and security
• 1.5.1: Define the purpose and function of various firewall types
• 1.5.2: Define the role a firewall plays in a company's security policy
• 1.5.3: Define common firewall terms
• 1.5.4: Identify packet filters and their features
• 1.5.5: Identify circuit-level gateways and their features

Page 98: Web Security Associate

Lesson 9 Objectives (cont’d)

• 1.5.6: Identify application-level gateways and their features
• 1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection
• 1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security
• 1.5.9: Define the importance of proxy caching related to performance
• 1.6.1: Implement a packet-filtering firewall
• 1.6.2: Customize your network to manage hacker activity

Page 99: Web Security Associate

Definition and Description of a Firewall

• Firewall
• Demilitarized zone (DMZ)
• Daemon

Page 100: Web Security Associate

The Role of a Firewall

• Implement a company’s security policy
• Create a choke point
• Log Internet activity
• Limit network host exposure

Page 101: Web Security Associate

Firewall Terminology

• Packet filter
• Proxy server
– Application-layer proxy
– Circuit-level proxy
• Network Address Translation (NAT)
• Bastion host
• Operating system hardening
• Screening and choke routers
• Demilitarized zone (DMZ)
• Web security gateway

Page 102: Web Security Associate

Firewall Configuration Defaults

• By default, a firewall can be configured to either:
– Deny all traffic, in which case you would specify certain types of traffic to allow in and out of your network
– Allow all traffic, in which case you would specify certain types of traffic to deny

Page 103: Web Security Associate

Creating Packet Filter Rules

• Process
• Rules and fields
• Standard FTP clients and creating packet filter rules
• Passive FTP clients and packet filter rules
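The two default postures (deny all, allow all) and the rule fields the packet-filter slides list, as an added example that is not part of the original slides: a minimal first-match packet filter in Python over constructed sample traffic, using hypothetical RFC 5737 documentation addresses, which shows that a service nobody wrote a rule for (e.g. TCP 3389 to the DMZ web host) is blocked under deny-all but passes under allow-all.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Hypothetical addresses drawn from the RFC 5737 documentation ranges.
ANY = "0.0.0.0/0"
DMZ_WEB = "203.0.113.10/32"
DMZ_MAIL = "203.0.113.25/32"

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = ANY
    dst: str = ANY
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.dport in (None, pkt.dport))

def filter_packet(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule wins; the default policy decides anything unmatched."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Deny-all posture: list only the inbound services the policy permits.
DENY_ALL_RULES = [Rule("allow", "tcp", dst=DMZ_WEB, dport=80),
                  Rule("allow", "tcp", dst=DMZ_WEB, dport=443),
                  Rule("allow", "tcp", dst=DMZ_MAIL, dport=25)]
# Allow-all posture: list only what the policy forbids (here, telnet).
ALLOW_ALL_RULES = [Rule("deny", "tcp", dport=23)]

def compare_policies(pkt: Packet) -> Dict[str, str]:
    """Verdict for one packet under each default policy."""
    return {"deny_all": filter_packet(DENY_ALL_RULES, pkt, "deny"),
            "allow_all": filter_packet(ALLOW_ALL_RULES, pkt, "allow")}
```

Feeding `compare_policies(Packet("tcp", "198.51.100.7", "203.0.113.10", 3389))` returns a deny under the deny-all posture and an allow under allow-all, which is exactly the exposure the deny-all default exists to prevent.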

Page 104: Web Security Associate

Packet Filter Advantages and Disadvantages

• Drawbacks
• Stateful multi-layer inspection
– Popular packet-filtering products
• Using the ipchains and iptables commands in Linux

Page 105: Web Security Associate

Configuring Proxy Servers

• Recommending a proxy-oriented firewall
• Proxy server advantages and features
– Authentication
– Logging and alarming
– Caching
– Fewer rules
– Reverse proxies and proxy arrays
• Proxy server drawbacks
– Client configuration
– Speed

Page 106: Web Security Associate

URL Filtering

• Techniques to filter outbound URLs
• Techniques to filter inbound URLs

Page 107: Web Security Associate

Remote Access and Virtual Private Networks (VPNs)

• Three types of VPNs:
– Workstation-to-server
– Firewall-to-firewall
– Workstation-to-workstation
• Tunneling protocols
• Internet Protocol Security (IPsec)
• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
• VPN vulnerabilities

Page 108: Web Security Associate

Public Key Infrastructure (PKI)

• PKI standards
– Based on X.509 standard
• PKI terminology
• Certificates

Page 109: Web Security Associate

Lesson 9 Summary

1.1.3: Identify potential risk factors for data security, including improper authentication
1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)
1.4.2: Define IPSec concepts
1.4.6: Identify routing issues and security
1.5.1: Define the purpose and function of various firewall types
1.5.2: Define the role a firewall plays in a company's security policy
1.5.3: Define common firewall terms
1.5.4: Identify packet filters and their features
1.5.5: Identify circuit-level gateways and their features

Page 110: Web Security Associate

Lesson 9 Summary (cont’d)

1.5.6: Identify application-level gateways and their features
1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection
1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security
1.5.9: Define the importance of proxy caching related to performance
1.6.1: Implement a packet-filtering firewall
1.6.2: Customize your network to manage hacker activity

Page 111: Web Security Associate

Lesson 10: Levels of Firewall Protection

Page 112: Web Security Associate

Lesson 10 Objectives

• 1.4.6: Identify routing issues and security
• 1.5.1: Define the purpose and function of various firewall types
• 1.5.3: Define common firewall terms
• 1.6.1: Implement a packet-filtering firewall
• 1.6.2: Customize your network to manage hacker activity

Page 113: Web Security Associate

Designing a Firewall

• Firewall design principles
– Keep design simple
– Make contingency plans

Page 114: Web Security Associate

Types of Bastion Hosts

• Single-homed bastion host
• Dual-homed bastion host
• Triple-homed bastion host
• Internal bastion hosts

Page 115: Web Security Associate

Hardware Issues

• Choosing the operating system
• Firewall appliances
• Services
• Daemons
• Proxy servers

Page 116: Web Security Associate

Common Firewall Designs

• Screening routers
• Screened host firewall (single-homed bastion)
• Screened host firewall (dual-homed bastion)
• Screened subnet firewall (demilitarized zone)

Page 117: Web Security Associate

Lesson 10 Summary

1.4.6: Identify routing issues and security
1.5.1: Define the purpose and function of various firewall types
1.5.3: Define common firewall terms
1.6.1: Implement a packet-filtering firewall
1.6.2: Customize your network to manage hacker activity

Page 118: Web Security Associate

Lesson 11: Detecting and Distracting Hackers

Page 119: Web Security Associate

Lesson 11 Objectives

• 1.6.2: Customize your network to manage hacker activity
• 1.6.3: Implement proactive detection
• 1.6.4: Distract hackers and contain their activity
• 1.6.5: Deploy tripwires and other traps on a network host

Page 120: Web Security Associate

Proactive Detection

• Automated security scans
• Login scripts
• Automated auditing

Page 121: Web Security Associate

Distracting the Hacker

• Dummy accounts
• Dummy files
– Dummy password files
• Tripwire scripts
• Automated checksums
• Jails

Page 122: Web Security Associate

Deterring the Hacker

• Methods for deterring hackers
– Log traffic and send e-mail messages
– Conduct reverse scans
– Drop the connection
– Contact the ISP
• Tools for responding to hackers
• Problems with retaliation

Page 123: Web Security Associate

Lesson 11 Summary

1.6.2: Customize your network to manage hacker activity
1.6.3: Implement proactive detection
1.6.4: Distract hackers and contain their activity
1.6.5: Deploy tripwires and other traps on a network host

Page 124: Web Security Associate

Lesson 12: Incident Response

Page 125: Web Security Associate


Lesson 12 Objectives

• 1.6.6: Respond appropriately to a security breach

• 1.6.7: Identify security organizations that can help in case of system attack

• 1.6.8: Subscribe to respected security alerting organizations

• 1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks

Page 126: Web Security Associate

Creating an Incident Response Policy

• Decide ahead of time
• Do not panic
• Document everything

Page 127: Web Security Associate

Determining if an Attack Has Occurred

• Determine the scope of the breach
• Stop or contain activity

Page 128: Web Security Associate

Executing the Response Plan

• Notifying affected individuals
• Notifying appropriate authorities
• Notifying Internet agencies

Page 129: Web Security Associate

Analyzing and Learning

• Ask questions of everyone involved
• Record specific lessons you have learned
• Update your security policy

Page 130: Web Security Associate


Lesson 12 Summary

1.6.6: Respond appropriately to a security breach

1.6.7: Identify security organizations that can help in case of system attack

1.6.8: Subscribe to respected security alerting organizations

1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks

Page 131: Web Security Associate

Web Security Associate

• What Is Security?
• Elements of Security
• Applied Encryption
• Types of Attacks
• Recent Networking Vulnerability Considerations
• General Security Principles
• Protocol Layers and Security
• Securing Resources
• Firewalls and Virtual Private Networks
• Levels of Firewall Protection
• Detecting and Distracting Hackers
• Incident Response