Chapter 14. Upon completion of this chapter, you should be able to: Identify different types of Intrusion Detection Systems and Prevention Systems.


1 Chapter 14

2 Upon completion of this chapter, you should be able to:
- Identify different types of Intrusion Detection Systems and Prevention Systems
- Describe how an IDS responds, detects threats and where it runs
- Describe how to perform a vulnerability assessment
- Harden a network and its devices
- Identify switch port security methods

3 14.1

4
- After implementing security, you don’t wait for an attack
- Use an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System)
- Two types of IDS
  - Passive (IDS)
  - Active (IPS)
- Classified by how they detect & respond to attacks

5
- Passive IDS
  - Monitors network for threats
  - Alerts if a threat is found
  - ONLY DETECTS - DOES NOT TRY TO STOP THREAT
- Active IDS
  - AKA Intrusion Prevention System (IPS)
  - Detects attack - takes action!
  - Example: A port is attacked; it closes the port until the attack stops

6
- Signature Recognition
  - Has a list of known attacks
  - MATCH = take action
  - Can only detect identified/listed attacks
- Anomaly Recognition
  - Identifies typical network traffic
  - Then looks for abnormal traffic
  - Uses a measurement above normal values to determine if action should be taken
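An added example, not part of the original presentation, that runs the two detection methods from this slide side by side: a listed attack is caught only by signature recognition, while a traffic spike is caught only by anomaly recognition. The signature patterns, sample requests, traffic counts and the 3-standard-deviation threshold are all constructed assumptions.

```python
import re
import statistics

# Constructed signature list (assumption, not from the slides): name -> pattern.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Constructed sample data: request lines, and requests-per-minute counts.
REQUESTS = [
    "GET /index.html",
    "GET /files?name=../../etc/passwd",
    "GET /search?q=shoes",
    "GET /report?id=unlisted-technique",  # not in the signature list
]
BASELINE = [98, 102, 100, 97, 103, 100]   # typical traffic, learned first
OBSERVED = [101, 104, 180, 99]            # later traffic to evaluate


def signature_alerts(requests):
    """Signature recognition: alert only on requests matching a listed pattern."""
    return [(i, name)
            for i, req in enumerate(requests)
            for name, pattern in SIGNATURES.items()
            if pattern.search(req)]


def anomaly_alerts(baseline, observed, k=3.0):
    """Anomaly recognition: flag values more than k standard deviations
    above the mean of the learned baseline. Returns (alerts, threshold)."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    return [(i, v) for i, v in enumerate(observed) if v > threshold], threshold


if __name__ == "__main__":
    # The unlisted request (index 3) produces no signature alert.
    print("signature:", signature_alerts(REQUESTS))
    alerts, threshold = anomaly_alerts(BASELINE, OBSERVED)
    # Only the 180/min spike exceeds the learned threshold.
    print(f"anomaly (threshold {threshold:.1f}):", alerts)
```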

7
- Host-based
  - Runs on a single PC
  - Monitors application activity & system files
  - Anti-virus software
    - Uses a list of virus definitions to detect; SIGNATURE-BASED IDS
- Network-based
  - Acts like a firewall
  - Put AV on the device so it can scan all PCs
  - Centralized admin point

8
- Create fake resources
- Honeypot
  - Device or virtual machine that entices intruders by having an obvious vulnerability
  - Distracts hackers from valuable resources
  - You can observe them, gather info about them, prosecute them

9
- Identifies vulnerabilities in a network
- Vulnerability scanner
  - Scans open ports, software holes, missing patches, misconfigurations, default passwords
- Ping scanner
  - Detects incoming ICMP requests
  - Allows you to block them on each device’s firewall
- Port scanner
  - Scans for open ports
- Password cracker
  - Identifies weak passwords by trying to crack them

10
- TestOut 14.1.2 - DEMO Configuring an IDS/IPS
- TestOut 14.1.5 - LAB Configure Intrusion Prevention
- TestOut 14.1.6 - LAB Enable Wireless Intrusion Prevention
- TestOut 14.1.9 - Practice Questions (15)

11 14.3

12
- Switches, routers, firewalls
  - Installed in secure location; locked doors
  - Change default username/password
  - Limit admin user access
- Switches & routers
  - Use VLANs to isolate traffic
  - ACLs
  - Port security/MAC address
  - SSH (not Telnet)

13
- Servers
  - Install only needed software (no extras)
  - Install anti-malware software
  - Apply patches & service packs
- User Accounts
  - Multi-factor; username/password & smartcard
  - Account lockout
  - Time of day restrictions
- Passwords
  - Aging - change password every so often
  - Can’t reuse old passwords

14
- Switches have a CAM table with the MAC addresses learned & the port they are on
- Two security methods:
  - Restrict each port to a specific MAC address
  - Set max # of MAC addresses a port can learn

15
- Actions for port security
  - Protect: Disallow unknown MAC
  - Restrict: Disallow unknown MAC, creates a log message
  - Shut down: Port shuts down & admin must reset it

16
- On a switch
- Filters out untrusted DHCP messages
- Prevents rogue DHCP servers (possibly from outside the network) from offering clients an IP address

17
- TestOut 14.3.4 - DEMO Configuring Switch Port Security
- TestOut 14.3.5 - LAB Configure Port Security

18
- Complete the study guide handout
- Complete TestOut
- Practice in Packet Tracer
- Jeopardy review

19 Chapter 14

