Download presentation
Presentation is loading. Please wait.
Published byAdrian Perry Modified over 9 years ago
1
UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information: AIM – JMcDanolds Email – jmcdanolds@kaplan.edujmcdanolds@kaplan.edu Office Hours: Tuesday 4:00 PM ET and Wednesday 6:00 PM ET 1
2
CHAPTER 4 OVERVIEW Monitoring Activity and Intrusion Detection Monitoring the Network Understanding Intrusion Detection Systems Working with Wireless Systems Understanding Instant Messaging Features Working with 8.3 File Naming Understanding Protocol Analyzers Understanding Signal Analysis and Intelligence Footprinting Scanning 2
3
CHAPTER 4 Monitoring the Network Monitoring – what is it? Who does it ? Why do you need to know how to do it? Types of Network Traffic TCP/IP Novell - IPX/SPX and NDS/eDirectory Microsoft - NetBIOS/NetBEUI and WINS Network File System (NFS) Apple Monitoring Network Systems – tap locations 3
4
CHAPTER 4 There are many scanning and monitoring tools Freeware: Ethereal - http://ethereal.com/ Ethereal works on Windows XP - you will need to install WinPcap http://www.winpcap.org/ Wireshark - http://wiki.wireshark.org/ One example of vendor products: NetScanTools Basic is a free download NetScanTools Pro is $249 less 20% for education discount. NetScanTools http://www.netscantools.com/ 4 Real Time Monitoring
5
CHAPTER 4 Field Trip… Visit to Akamai Technologies‘ state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network. Left hand side of screen – 20 minute video ONLY first 3 minutes - you can view the entire tour later… http://www.akamai.com/html/technology/nocc.html 5 Real Time Monitoring
6
CHAPTER 4 Field Trip… Ethical Hacking How To: Tutorial on ARP Scanning to Discover ALL Local Devices http://www.netscantools.com/videos.html http://www.youtube.com/watch?v=ClM2UgQpEPA Later… Visit to the “Case of the Disappearing Sales Calls”. Outlines how a sales rep’s traffic indicated how she spent time at work. Betty DeBois http://www.cacetech.com/resources.html http://www.cacetech.com/media/network_mysteries/disappearing_sales_calls/ 6 Real Time Monitoring
7
CHAPTER 4 Intrusion Detection Systems Terms – pg 180 to 190 Intrusion detection systems (IDS) Two primary approaches: signature-based and anomaly-based Signature-based - misuse-detection IDS (MD-IDS) Anomaly-detection IDS (AD-IDS) Network-based IDS (N-IDS) Passive Response Active Response Host-based IDS (H-IDS) NIPS – Network Intrusion Prevention Systems 7
8
CHAPTER 4 Intrusion Detection Systems Software, hardware, managed IDS Symantec, Cisco, McAfee, IBM, etc. Open source: Snort : Everyone's favorite open source IDS Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Etc. 8
9
CHAPTER 4 Using Honeypots What is a honeypot? A computer that is designated as a target for computer attacks and is used to gather information about the attacker. SANS article http://www.sans.org/security-resources/idfaq/honeypot3.php 9
10
CHAPTER 4 Understanding Incident Response Step 1: Identifying the Incident Step 2: Investigating the Incident Step 3: Repairing the Damage Step 4: Documenting and Reporting the Response Step 5: Adjusting Procedures 10
11
CHAPTER 4 Working with Wireless Systems Wireless Transport Layer Security (WTLS) IEEE 802.11x Wireless Protocols WEP/ WAP Wireless Vulnerabilities Wireless Intrusion Detection System (WIDS) Motorola - http://www.airdefense.net/ http://www.wildpackets.com/ 11
12
CHAPTER 4 Instant Messaging IM Vulnerabilities Controlling Privacy 12
13
CHAPTER 4 Working with 8.3 File Naming Carryover from the days of FAT Common file extensions for executables 13
14
CHAPTER 4 Understanding Protocol Analyzers Protocol analyzing and packet sniffing are interchangeable terms Sniffing is the process of monitoring data transmitted across a network Instant Messaging is susceptible to sniffing 14
15
CHAPTER 4 Signal Analysis and Signal Intelligence Footprinting Scanning 15
16
CHAPTER 4 SUMMARY Monitoring versus Auditing External monitoring – Internal monitoring Audit Logs - User privileges, file access, sensitive folders (examples) Real-time versus alert-based, regularly required audit log analysis More on Auditing later - discussed in a later chapter. 16
17
CHAPTER 4 Unit 4 Assignment Unit 4 Project - Three questions, each at least one page. 1. Using your favorite Internet search tool search out and evaluate three protocol analyzers. List advantages and disadvantages for each of the three selected. 2. Examine honeypots in terms of system monitoring. Do you feel these are a benefit or are they are not worth the time/risk/expense? Defend your position. 3. Compare and contrast footprinting and scanning. Describe defense measures you can take as a network administrator to defend against each. APA Style – Title Page, Reference Page. Where did you find your info. Questions? 17
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.