UNIT 4 SEMINAR
Unit 4: Chapter 4 in CompTIA Security+
Course Name – IT Introduction to Network Security
Instructor – Jan McDanolds, MS
Contact Information: AIM – JMcDanolds
Office Hours: Tuesday, 8:00 PM ET; Wednesday, 8:00 PM ET
CHAPTER 3
What was covered last week…
Chapter 3 - Infrastructure and Connectivity
Understanding Infrastructure Security
Understanding Network Infrastructure Devices
Monitoring and Diagnosing Networks
Securing Workstations and Servers
Understanding Mobile Devices and Remote Access
Securing Internet Connections
Understanding Network Protocols
Basics of Cabling, Wires and Communications
Employing Removable Media
Quick check of concepts…
Quickly type your response to these three questions (example: type #1 and then your answer):
#1 Well-known TCP port numbers for HTTP, FTP and SNMP (hint: search "well-known ports")
#2 Name two standard routing protocols
#3 Define RADIUS
CHAPTER 4 OVERVIEW
Monitoring Activity and Intrusion Detection
Monitoring the Network
Understanding Intrusion Detection Systems (IDS)
Working with Wireless Systems
Understanding Instant Messaging Features
Working with 8.3 File Naming
Understanding Protocol Analyzers
Understanding Signal Analysis and Intelligence
Footprinting
Scanning
Monitoring the Network
Monitoring – what is it? Who does it? Why do you need to know how to do it?
Types of network traffic:
TCP/IP
Novell - IPX/SPX and NDS/eDirectory
Microsoft - NetBIOS/NetBEUI and WINS
Network File System (NFS)
Apple
Monitoring network systems – tap locations
There are many scanning and monitoring tools
Freeware:
Ethereal - Ethereal works on Windows; you will need to install WinPcap
Wireshark - 4th Annual Sharkfest – recent conference – view videos, etc.
One example of vendor products: NetScanTools Basic is free; NetScanTools Pro - $249 (-20% education discount)
Real Time Monitoring
Field Trip…
Visit to Akamai Technologies' state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network.
Left-hand side of screen – 20-minute video. ONLY the first 3 minutes; you can view the entire tour later…
Field Trip…
Ethical Hacking How To: Tutorial on ARP Scanning to Discover ALL Local Devices – go visit this site later…
Solving Network Mysteries Video Series: visit the "Case of the Disappearing Sales Calls" – 5 minutes. Outlines how a sales rep's traffic indicated how she spent her time at work! (Betty DeBois)
Voice over IP (VoIP – pronounced "voy-p") is part of this capture
Intrusion Detection Systems
Terms – pg 180 to 190
Intrusion detection systems (IDS)
Two primary approaches: signature-based and anomaly-based
Signature-based - misuse-detection IDS (MD-IDS)
Anomaly-detection IDS (AD-IDS)
Network-based IDS (N-IDS)
Passive response
Active response
Host-based IDS (H-IDS)
NIPS – Network Intrusion Prevention Systems
Intrusion Detection Systems
Software, hardware, managed IDS: Symantec, Cisco, McAfee, IBM, etc.
Open source: Snort – everyone's favorite open source IDS
Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.
Using Honeypots
What is a honeypot? A computer that is designated as a target for computer attacks and is used to gather information about the attacker.
SANS article
Understanding Incident Response
Step 1: Identifying the Incident
Step 2: Investigating the Incident
Step 3: Repairing the Damage
Step 4: Documenting and Reporting the Response
Step 5: Adjusting Procedures
Working with Wireless Systems
Wireless Transport Layer Security (WTLS)
IEEE x Wireless Protocols
WEP / WAP
Wireless Vulnerabilities
Wireless Intrusion Detection System (WIDS)
Motorola
Instant Messaging
IM Vulnerabilities
Controlling Privacy
Working with 8.3 File Naming
Carryover from the days of FAT
Common file extensions for executables
Set your Windows Explorer to display extensions
Understanding Protocol Analyzers
Protocol analyzing and packet sniffing are interchangeable terms
Sniffing is the process of monitoring data transmitted across a network
Instant Messaging is susceptible to sniffing
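What a protocol analyzer actually does with each captured frame is walk the headers layer by layer; the added example below (written for this page, not code from Ethereal, Wireshark or NetScanTools) builds one Ethernet II / IPv4 / TCP frame from constructed values and decodes it back, verifying the IPv4 header checksum on the way. The MAC addresses, the 192.0.2.0/24 documentation addresses, the ports and the cleartext "MSG" payload are all constructed assumptions; the payload shows why an unencrypted IM session is readable by anyone sniffing the segment.

```python
"""Decode one Ethernet II / IPv4 / TCP frame the way a protocol analyzer does.
Added for this chapter; the frame is constructed here (documentation addresses
from 192.0.2.0/24, locally administered MACs), not a real capture."""
import socket
import struct

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; returns 0 for a header whose checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame(payload: bytes = b"MSG alice->bob: hello") -> bytes:
    """Constructed frame: 192.0.2.10:51000 -> 192.0.2.20:5222, PSH|ACK, cleartext payload."""
    dst_mac = bytes.fromhex("020000000002")
    src_mac = bytes.fromhex("020000000001")
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)  # EtherType IPv4
    # TCP: sport, dport, seq, ack, data offset (5 words) << 4, flags, window, checksum (left 0), urgent
    tcp = struct.pack("!HHIIBBHHH", 51000, 5222, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in header checksum
    return eth + ip + tcp + payload


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def decode_frame(frame: bytes) -> dict:
    """Parse Ethernet II, IPv4 and TCP headers; raise ValueError on anything unexpected."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _ck, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len > len(ip):
        raise ValueError("bad IPv4 length fields")
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != 6:
        raise ValueError(f"not TCP: protocol {proto}")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags, window, _tck, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off >> 4) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl,
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "window": window,
        "payload": tcp[data_off:],  # application data, readable if the protocol is cleartext
    }


if __name__ == "__main__":
    info = decode_frame(build_sample_frame())
    print(f"{info['src_ip']}:{info['src_port']} -> {info['dst_ip']}:{info['dst_port']} "
          f"[{','.join(info['flags'])}] payload={info['payload']!r}")
```

A real analyzer does the same walk for hundreds of protocols and adds TCP stream reassembly; the decoder here deliberately rejects anything that is not IPv4-over-Ethernet carrying TCP, and a single flipped header byte trips the checksum check rather than producing a quietly wrong decode.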
Signal Analysis and Signal Intelligence
Footprinting
Scanning
Nmap – nmap.org (WARNING: ISP problems)
Nmap is a free, open-source port scanner available for both UNIX and Windows.
Videos on YouTube, also tutorials
In the movies – Hollywood likes Nmap!
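From the administrator's side, the visible trace of a port scan is one source reaching many distinct ports in a short time. The added example below (written for this page, not code from Nmap or any firewall product) runs that check over constructed connection-log lines with a sliding time window, so that an ordinary client reconnecting to the same two services is not mistaken for a scanner. The log format, the addresses (192.0.2.0/24 and 203.0.113.0/24 documentation ranges), the window and the threshold are all constructed assumptions.

```python
"""Port-scan detection over constructed connection-log lines: a defender-side
check for the scanning activity this chapter describes. Added illustration;
the log lines, addresses and thresholds are constructed here, not from any
real firewall."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> SYN <src ip> <dst ip> <dst port>"
_BASE = datetime(2024, 1, 15, 10, 5, 0)


def _line(ts, src, dst, port):
    return f"{ts.isoformat()} SYN {src} {dst} {port}"


# A normal client alternating between two services over a minute, plus a source
# that touches 40 different ports on one host within eight seconds.
SAMPLE_LOG = (
    [_line(_BASE + timedelta(seconds=2 * i), "192.0.2.50", "192.0.2.10", 443 if i % 2 else 80)
     for i in range(30)]
    + [_line(_BASE + timedelta(seconds=i // 5), "203.0.113.7", "192.0.2.10", 1 + i)
       for i in range(40)]
)


def parse_line(line):
    """Return (timestamp, src, (dst, port)) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "SYN":
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[2], (parts[3], int(parts[4]))
    except ValueError:
        return None


def detect_scans(lines, window=timedelta(seconds=10), min_targets=15):
    """Flag each source that reaches >= min_targets distinct (host, port) pairs
    inside any sliding window. Returns {src: peak distinct targets in a window}."""
    by_src = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, target = parsed
            by_src[src].append((ts, target))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()  # target -> hits currently inside the window
        oldest = 0
        for ts, target in events:
            in_window[target] += 1
            while ts - events[oldest][0] > window:  # expire events older than the window
                old_target = events[oldest][1]
                in_window[old_target] -= 1
                if in_window[old_target] == 0:
                    del in_window[old_target]
                oldest += 1
            if len(in_window) >= min_targets:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


if __name__ == "__main__":
    for src, n in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct targets within 10 s")
```

The window and threshold are the tuning knobs: the normal client here never exceeds two distinct targets, while the scanning source peaks at forty inside a single window. Counting distinct (host, port) pairs rather than raw connections is what keeps a busy but legitimate client from tripping the alert.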
SUMMARY
Monitoring versus Auditing
External monitoring – Internal monitoring
Audit logs - user privileges, file access, sensitive folders (examples)
Real-time versus alert-based, regularly required audit log analysis
More on auditing later - discussed in a later chapter
Unit 4 Assignment
Unit 4 Project - three questions, each at least one page.
1. Using your favorite Internet search tool, search out and evaluate three protocol analyzers. List advantages and disadvantages for each of the three selected.
2. Examine honeypots in terms of system monitoring. Do you feel these are a benefit, or are they not worth the time/risk/expense? Defend your position.
3. Compare and contrast footprinting and scanning. Describe defense measures you can take as a network administrator to defend against each.
APA Style: Title Page, Reference Page. Cite your sources. Use APA Sample.
Questions?