Security Training at CCSF Last revised 8-22-13. A.S. Degree.


CNIT 120: Network Security Fundamentals of Network Security Preparation for Security+ Certification Essential for any Information Technology professional

CNIT 40: DNS Security Configure and defend DNS infrastructure

CNIT 121: Computer Forensics Analyze computers for evidence of crimes Recover lost data

CNIT 122: Firewalls Defend networks

Two Hacking Classes Perform real cyberattacks and block them CNIT 123: Ethical Hacking and Network Defense CNIT 124: Advanced Ethical Hacking

Supplemental Materials Projects from recent research Students get extra credit by attending conferences

Certified Ethical Hacker CNIT 123 and 124 help prepare students for CEH Certification

CNIT 125: Information Security Professional CISSP – the most respected certificate in information security

CNIT 126: Practical Malware Analysis Incident response after intrusion

Ch 1: Mastering the Basics of Security CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide Darril Gibson

Exploring Core Security Principles

The CIA of Security Confidentiality, Integrity, Availability

Confidentiality Prevents unauthorized disclosure of data Ensures that data is only viewable by authorized users Some methods –Authentication combined with Access controls –Cryptography

Integrity Assures that data has not been modified, tampered with, or corrupted Only authorized users should modify data Hashing assures integrity –Hash types: MD5, SHA, HMAC –If data changes, the hash value changes

Hash Value for Download
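The two slides above say that a hash assures integrity and that a download page publishes the file's hash for the user to check. The following added example (not from the study guide) walks through that check with Python's standard library: it recomputes the digest of a constructed sample "file", compares it with a published value, and then shows the caveat a practitioner should know, that an unkeyed hash only proves the file matches whatever hash was published, whereas an HMAC (the third hash type on the slide) needs a key to recompute. The file contents and the key are constructed values.

```python
import hashlib
import hmac

# Constructed sample "download" and a tampered copy (not real files).
ORIGINAL = b"#!/bin/sh\necho 'installer 1.0'\n"
TAMPERED = b"#!/bin/sh\necho 'installer 1.0'\necho 'one extra line'\n"


def digest(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of data under a named hashlib algorithm (md5, sha1, sha256, ...)."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def verify_download(data: bytes, published_hex: str, algo: str = "sha256") -> bool:
    """Integrity check as done for a download page: recompute and compare.

    compare_digest is used so the comparison time does not depend on where
    the two strings first differ.
    """
    return hmac.compare_digest(digest(data, algo), published_hex.strip().lower())


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 tag over data; only someone holding key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed(data: bytes, key: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), tag_hex)


def demo() -> dict:
    """Walk through the slide's claims and return the observations."""
    published = digest(ORIGINAL)          # value the site would publish next to the file
    key = b"constructed-shared-key"       # secret shared with the recipient; never published
    return {
        "intact_verifies": verify_download(ORIGINAL, published),
        "tampered_fails": not verify_download(TAMPERED, published),
        # If data changes, the hash changes: true for MD5 as well as SHA-256.
        "md5_differs": digest(ORIGINAL, "md5") != digest(TAMPERED, "md5"),
        # An unkeyed hash only proves the file matches the published hash; if the
        # file and the hash are swapped together, the check still passes.
        "swapped_pair_passes": verify_download(TAMPERED, digest(TAMPERED)),
        # A keyed tag cannot be recomputed without the key, so a swapped pair fails.
        "hmac_detects_swap": not verify_keyed(TAMPERED, key, keyed_tag(TAMPERED, b"wrong-key")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `swapped_pair_passes` entry is the reason a published hash should come from a different channel (for example a signed page or a vendor key) than the file itself; the HMAC entry shows what changes when a key is involved.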

Availability Data and services are available when needed Techniques: –Disk redundancies (RAID) –Server redundancies (clusters) –Site redundancies –Backups –Alternate power –Cooling systems

Balancing CIA You can never have perfect security Increasing one item lowers others Increasing confidentiality generally lowers availability –Example: long, complex passwords that are easily forgotten

Non-Repudiation Prevents entities from denying that they took an action Examples: signing a home loan, making a credit card purchase Techniques –Digital signatures –Audit logs

Defense in Depth Layers of protection Example –Firewall –Antivirus –Deep Freeze

Implicit Deny Anything not explicitly allowed is denied Common Access Control Lists for –Firewalls –Routers –Microsoft file and folder permissions
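To make the implicit-deny rule concrete, here is an added example (not from the study guide) of a small access-control-list evaluator in the style of a router or firewall ACL: rules are checked top to bottom, the first match decides, and a request that matches no rule is denied without any rule saying so. The sample rules, addresses and ports are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # source network in CIDR notation
    dst_port: Optional[int]     # None means any destination port
    proto: str = "tcp"          # "tcp", "udp" or "any"


# Constructed sample ACL, evaluated top to bottom; first match wins.
SAMPLE_ACL: List[Rule] = [
    Rule("deny", "10.0.5.66/32", None, "any"),   # explicit deny for one host, placed first
    Rule("permit", "10.0.5.0/24", 22),           # admin subnet may reach SSH
    Rule("permit", "10.0.0.0/8", 443),           # whole internal range may reach HTTPS
    # No closing "deny any" rule is written: anything unmatched is denied implicitly.
]


def evaluate(acl: List[Rule], src_ip: str, dst_port: int, proto: str = "tcp") -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule).

    An index of None means no rule matched and the implicit deny applied.
    """
    ip = ipaddress.ip_address(src_ip)
    for idx, rule in enumerate(acl):
        if rule.proto not in ("any", proto):
            continue
        if ip not in ipaddress.ip_network(rule.src, strict=False):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action, idx
    return "deny", None


if __name__ == "__main__":
    for ip, port, proto in [("10.0.5.7", 22, "tcp"), ("10.0.5.66", 22, "tcp"),
                            ("10.1.2.3", 443, "tcp"), ("10.1.2.3", 22, "tcp"),
                            ("192.168.1.1", 443, "tcp")]:
        action, idx = evaluate(SAMPLE_ACL, ip, port, proto)
        print(f"{ip}:{port}/{proto} -> {action} (rule {idx if idx is not None else 'implicit'})")
```

Because the first match wins, the order of rules is part of the policy: if the explicit deny for 10.0.5.66 were placed after the subnet permit, it would never be reached. Returning the matching rule index makes that kind of shadowed rule easy to spot when reviewing an ACL.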

Introducing Basic Risk Concepts

Risk Risk –The likelihood of a threat exploiting a vulnerability, resulting in a loss Threat –Circumstance or event that has the potential to compromise confidentiality, integrity, or availability –Insider threat Vulnerability –A weakness

Risk Mitigation Reduces chance that a threat will exploit a vulnerability Done by implementing controls (also called countermeasures and safeguards) Even if a threat can't be prevented, like a tornado –Risk can still be reduced with controls, like insurance, evacuation plans, etc.

Controls Access controls –After Authentication, only authorized users can perform critical tasks Business continuity and Disaster Recovery Plans –Reduce the impact of disasters Antivirus software –Reduces the impact of malware

Exploring Authentication Concepts

Identification, Authentication, and Authorization Identification –State your name (without proving it) Authentication –Proves your identity (with a password, fingerprint, etc.) Authorization –Grants access to resources based on the user's proven identity

Identity Proofing Verifying that people are who they claim to be prior to issuing them credentials –Or when replacing lost credentials

Sarah Palin's Link Ch 1a

Three Factors of Authentication Something you know –Such as a password –Weakest factor, but most common Something you have –Such as a smart card Something you are –Such as a fingerprint

Password Rules Passwords should be strong –At least 8 characters, with three of: uppercase, lowercase, numbers, and symbols Change passwords regularly Don't reuse passwords Change default passwords Don't write down passwords Don't share passwords Account lockout policies –Block access after too many incorrect passwords are entered

Password history –Remembers previous passwords so users cannot re-use them Account Lockout Policies –Account lockout threshold The maximum number of times a wrong password can be entered (typically 5) –Account lockout duration How long an account is locked (typically 30 min.)
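The password rules, password history and account lockout policy from the two slides above fit together in one small piece of logic. The following added example (not from the study guide) implements them for a single account: the complexity rule (8 characters, three of four classes), salted slow hashing so stored passwords are not directly readable, a history that refuses re-use, and a lockout that trips after the threshold of 5 wrong passwords and clears after 30 minutes. The clock is injectable so the timing can be checked without waiting; the usernames, passwords, history size and hash iteration count are constructed values.

```python
import hashlib
import hmac
import os
import string
import time
from typing import Callable, List, Tuple

LOCKOUT_THRESHOLD = 5        # wrong passwords allowed before lockout (slide: typically 5)
LOCKOUT_DURATION = 30 * 60   # seconds the account stays locked (slide: typically 30 min)
HISTORY_SIZE = 5             # previous passwords remembered (constructed value)
PBKDF2_ROUNDS = 50_000       # constructed value; production settings are usually higher


def password_is_strong(pw: str) -> bool:
    """Slide rule: at least 8 characters and three of the four character classes."""
    if len(pw) < 8:
        return False
    classes = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return sum(classes) >= 3


def hash_password(pw: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash so stored values cannot simply be looked up."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, username: str, password: str, clock: Callable[[], float] = time.time):
        self.username = username
        self.clock = clock                      # injectable so the lockout timer can be tested
        self.failures = 0
        self.locked_until = 0.0
        self.history: List[Tuple[bytes, bytes]] = []   # (salt, hash), newest last
        self._store(password)

    def _store(self, pw: str) -> None:
        salt = os.urandom(16)
        self.history.append((salt, hash_password(pw, salt)))
        self.history = self.history[-HISTORY_SIZE:]

    def _in_history(self, pw: str) -> bool:
        return any(hmac.compare_digest(hash_password(pw, salt), h) for salt, h in self.history)

    def is_locked(self) -> bool:
        return self.clock() < self.locked_until

    def login(self, pw: str) -> str:
        """Returns 'ok', 'bad password' or 'locked'."""
        if self.is_locked():
            return "locked"
        salt, current = self.history[-1]
        if hmac.compare_digest(hash_password(pw, salt), current):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= LOCKOUT_THRESHOLD:        # account lockout threshold reached
            self.failures = 0
            self.locked_until = self.clock() + LOCKOUT_DURATION
            return "locked"
        return "bad password"

    def change_password(self, new_pw: str) -> str:
        """Returns 'changed', 'too weak' or 'reused'."""
        if not password_is_strong(new_pw):
            return "too weak"
        if self._in_history(new_pw):                  # password history blocks re-use
            return "reused"
        self._store(new_pw)
        return "changed"


if __name__ == "__main__":
    acct = Account("alice", "Correct-Horse9")
    print([acct.login("wrong") for _ in range(LOCKOUT_THRESHOLD)])   # ends with 'locked'
    print(acct.login("Correct-Horse9"))                              # still 'locked'
```

Note that the lockout answer is the same whether or not the password was right once the account is locked; replying "bad password" to a correct password during lockout would leak which guesses were right.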

Previous Logon Notification Gmail has it, at the bottom of the screen

Something You Have Smart Card –Contains a certificate –Read by a card reader –Image from made-in-china.com Token or Key Fob –Image from tokenguard.com

Smart Cards Embedded certificate Public Key Infrastructure –Allows issuance and management of certificates CAC (Common Access Card) –Used by US Department of Defense PIV (Personal Identity Verification) card –Used by US federal agencies

Something You Are (Biometrics) Physical biometrics –Fingerprint Image from amazon.com –Retinal scanners –Iris scanners Behavioral biometrics –Voice recognition –Signature geometry –Keystrokes on a keyboard

False Acceptance and False Rejection False Acceptance Rate –Incorrectly identifying an unauthorized user as authorized False Rejection Rate –Incorrectly rejecting an authorized user
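The two rates above are measured against a threshold on the matcher's score, and moving that threshold trades one against the other. As an added example (not from the study guide), the following code computes FAR and FRR for constructed sets of genuine and impostor match scores from a toy biometric system, and finds the threshold where the two rates cross, which is how a biometric system's accuracy is usually summarised. The score values are constructed.

```python
from typing import List, Tuple

# Constructed matcher scores (0 = no match, 1 = perfect match) from a toy biometric system.
GENUINE = [0.9, 0.85, 0.8, 0.7, 0.6, 0.4]    # authorized users scanning themselves
IMPOSTOR = [0.1, 0.2, 0.3, 0.5, 0.65, 0.75]  # unauthorized users presenting their own traits


def rates(genuine: List[float], impostor: List[float], threshold: float) -> Tuple[float, float]:
    """FAR and FRR when every score >= threshold is accepted.

    FAR: fraction of impostor attempts wrongly accepted.
    FRR: fraction of genuine attempts wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover(genuine: List[float], impostor: List[float]) -> Tuple[float, float, float]:
    """Threshold at which FAR and FRR are closest, with the two rates at that point.

    Only the observed scores need to be tried: the rates change only when the
    threshold passes one of them.
    """
    best = None
    for t in sorted(set(genuine + impostor)):
        far, frr = rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    return best[1], best[2], best[3]


if __name__ == "__main__":
    for t in (0.5, 0.65, 0.7, 0.9):
        far, frr = rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:.2f}: FAR {far:.2f}  FRR {frr:.2f}")
    print("crossover:", crossover(GENUINE, IMPOSTOR))
```

With these constructed scores a threshold of 0.5 accepts half the impostors, while 0.9 turns away five of six legitimate users; the crossover sits at 0.65 with both rates at one in three. Which side of the crossover to run on is a policy choice: a door to a server room would favour a low FAR, a consumer phone unlock a low FRR.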

Multifactor Authentication More than one of –Something you know –Something you have –Something you are Two similar factors is not two-factor authentication –Such as password and PIN

Exploring Authentication Services

Authentication Services Kerberos –Used in Windows Active Directory Domains –Used in UNIX realms –Developed at MIT –Prevents Man-in-the-Middle attacks and replay attacks

Kerberos Requirements A method of issuing tickets used for authentication –Key Distribution Center (KDC) grants ticket-granting-tickets, which are presented to request tickets used to access objects Time synchronization within five minutes A database of subjects or users –Microsoft's Active Directory

Kerberos Details When a user logs on –The KDC issues a ticket-granting-ticket with a lifetime of ten hours Kerberos uses port 88 (TCP & UDP) Kerberos uses symmetric cryptography

LDAP (Lightweight Directory Access Protocol) Formats and methods to query directories Used by Active Directory An extension of the X.500 standard LDAP v2 can use SSL encryption LDAP v3 can use TLS encryption LDAP uses ports 389 (unencrypted) or 636 (encrypted) (TCP and UDP)

Mutual Authentication Both entities in a session authenticate prior to exchanging data –For example, both the client and the server MS-CHAPv2 uses mutual authentication

Single Sign-On Users can access multiple systems after providing credentials only once Federated Identity Management System –Provides central authentication in nonhomogeneous environments

IEEE 802.1x Port-based authentication –User connects to a specific access point or logical port Secures authentication prior to the client gaining access to a network Most common on wireless networks –WPA Enterprise or WPA2 Enterprise Requires a RADIUS (Remote Authentication Dial-in User Service) or other centralized identification server

Remote Access Authentication

Remote Access Clients connect through VPN (Virtual Private Network) or dial-up A VPN allows a client to access a private network over a public network, usually the Internet

Remote Access Authentication Methods PAP (Password Authentication Protocol) –Passwords sent in cleartext, rarely used CHAP (Challenge Handshake Protocol) –Server challenges the client –Client responds with appropriate authentication information MS-CHAP –Microsoft's implementation of CHAP –Deprecated
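The slide contrasts PAP, which puts the password itself on the link, with CHAP, where the server issues a challenge and the client answers with a value derived from the shared secret. The following added example (not from the study guide) models both sides of a CHAP exchange using the response construction from RFC 1994 (MD5 over the identifier, the secret and the challenge), and shows why a recorded CHAP answer is of no use later: each challenge is random and is accepted once. It also makes visible the cost that comes with CHAP, namely that the server must hold the shared secret in plaintext. Usernames, secrets and the wire framing are constructed for the example; the real protocol runs inside PPP and has more fields.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) response value: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class ChapServer:
    """Access server side. CHAP requires the plaintext shared secret to be stored here."""

    def __init__(self, secrets: Dict[str, str]):
        self.secrets = secrets
        self.next_id = 0
        self.outstanding: Dict[int, bytes] = {}   # identifier -> challenge, single use

    def challenge(self) -> Tuple[int, bytes]:
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)                      # fresh random value for every attempt
        self.outstanding[self.next_id] = chal
        return self.next_id, chal

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        chal = self.outstanding.pop(identifier, None)   # a challenge can be answered only once
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, chal), response)


class ChapClient:
    def __init__(self, username: str, secret: str):
        self.username = username
        self.secret = secret

    def respond(self, identifier: int, challenge: bytes) -> Tuple[str, bytes]:
        return self.username, chap_response(identifier, self.secret, challenge)


def pap_on_the_wire(username: str, password: str) -> bytes:
    """PAP sends the password itself; this is what appears on the link."""
    return username.encode() + b":" + password.encode()


def chap_exchange(server: ChapServer, client: ChapClient) -> Tuple[bool, bytes]:
    """Run one exchange and return (authenticated, bytes the client put on the link)."""
    ident, chal = server.challenge()        # server -> client: Challenge
    user, resp = client.respond(ident, chal)   # client -> server: Response
    wire = user.encode() + b":" + resp
    return server.verify(ident, user, resp), wire   # server -> client: Success/Failure


if __name__ == "__main__":
    server = ChapServer({"alice": "constructed-shared-secret"})   # constructed credentials
    ok, wire = chap_exchange(server, ChapClient("alice", "constructed-shared-secret"))
    print("authenticated:", ok)
    print("secret visible on link:", b"constructed-shared-secret" in wire)
    print("PAP link bytes:", pap_on_the_wire("alice", "constructed-shared-secret"))
```

The single-use challenge table is what gives CHAP its resistance to a recorded session: the same response bytes presented against any other challenge fail verification. The secrets dictionary is the trade-off to weigh when deploying it, since a compromise of the access server exposes every user's shared secret.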

Remote Access Authentication Methods MS-CHAPv2 –More secure than MS-CHAP –Seriously broken by Moxie Marlinspike at Defcon 2012 (Link Ch 1c) –He recommends using certificate authentication instead

Remote Access Authentication Methods RADIUS (Remote Authentication Dial-in User Service) –Central authentication for multiple remote access servers –Encrypts passwords, but not the entire authentication process –Uses UDP

Remote Access Authentication Methods TACACS (Terminal Access Controller Access-Control System) –Was used in UNIX systems, rare today TACACS+ –Cisco proprietary alternative to RADIUS –Interacts with Kerberos –Encrypts the entire authentication process –Uses TCP –Uses multiple challenges and responses during a session

AAA Protocols: Authentication, Authorization, and Accounting Authentication –Verifies a user's identification Authorization –Determines if a user should have access Accounting –Tracks user access with logs

AAA Protocols: Authentication, Authorization, and Accounting RADIUS and TACACS+ are both AAA protocols Kerberos doesn't provide accounting, but is sometimes called an AAA protocol

Cert Test Review Questions from Textbook