
1 UNIT 4 SEMINAR Unit 4 Chapter 4 in CompTIA Security + Course Name – IT286-01 Introduction to Network Security Instructor – Jan McDanolds, MS Contact Information: AIM – JMcDanolds Email – jmcdanolds@kaplan.edu Office Hours: Tuesday, 8:00 PM ET, Wednesday 8:00 PM ET

2 CHAPTER 3 What was covered last week… Chapter 3 - Infrastructure and Connectivity Understanding Infrastructure Security Understanding Network Infrastructure Devices Monitoring and Diagnosing Networks Securing Workstations and Servers Understanding Mobile Devices and Remote Access Securing Internet Connections Understanding Network Protocols Basics of Cabling, Wires and Communications Employing Removable Media

3 CHAPTER 3 Quick check of concepts… Quickly type your response to these three questions: Example: type #1 and then your answer #1 Well-known TCP Port Number for HTTP, FTP and SNMP (Hint: search - well-known ports) #2 Name two standard routing protocols #3 Define RADIUS

4 CHAPTER 4 OVERVIEW Monitoring Activity and Intrusion Detection Monitoring the Network Understanding Intrusion Detection Systems (IDS) Working with Wireless Systems Understanding Instant Messaging Features Working with 8.3 File Naming Understanding Protocol Analyzers Understanding Signal Analysis and Intelligence Footprinting Scanning

5 CHAPTER 4 Monitoring the Network Monitoring – what is it? Who does it? Why do you need to know how to do it? Types of Network Traffic: TCP/IP; Novell - IPX/SPX and NDS/eDirectory; Microsoft - NetBIOS/NetBEUI and WINS; Network File System (NFS); Apple. Monitoring Network Systems – tap locations (a sensor sees only the traffic that passes the point where it is placed, so where you tap decides what you can monitor)

6 CHAPTER 4 There are many scanning and monitoring tools. Free / open source: Ethereal - http://ethereal.com/ (Ethereal was renamed Wireshark in 2006; the actively developed tool is Wireshark) Ethereal and Wireshark work on Windows - you will need to install WinPcap http://www.winpcap.org Wireshark - http://wiki.wireshark.org/ 4th Annual Sharkfest – recent conference – view videos, etc. http://sharkfest.wireshark.org/ http://www.lovemytool.com/blog/sharkfest/ One example of vendor products: NetScanTools Basic is free, NetScanTools Pro - $249 (-20% Education) NetScanTools http://www.netscantools.com/ Real Time Monitoring

7 CHAPTER 4 Field Trip… Visit to Akamai Technologies' state-of-the-art Network Operations Command Center, located in Cambridge, Massachusetts. The Akamai NOCC enables proactive monitoring and troubleshooting of all servers in the global Akamai network. Left hand side of screen – 20 minute video. ONLY the first 3 minutes - you can view the entire tour later… http://www.akamai.com/html/technology/nocc.html

8 CHAPTER 4 Field Trip… Ethical Hacking How To: Tutorial on ARP Scanning to Discover ALL Local Devices http://www.netscantools.com/videos.html Go visit this site later… Solving Network Mysteries Video Series Visit to the "Case of the Disappearing Sales Calls" – 5 minutes. Outlines how a sales rep's traffic indicated how she spent her time at work! Betty DeBois http://www.cacetech.com/resources.html http://www.cacetech.com/media/network_mysteries/disappearing_sales_calls/ Voice over IP (VoIP – pronounced "voy-p") is part of this capture

9 CHAPTER 4 Intrusion Detection Systems Terms – pg 180 to 190 Intrusion detection systems (IDS) Two primary approaches: signature-based and anomaly-based. Signature-based - misuse-detection IDS (MD-IDS): matches traffic against patterns of known attacks; reliable for what it knows, blind to a new attack until a signature exists. Anomaly-detection IDS (AD-IDS): learns a baseline of normal activity and alerts on deviations from it; can catch unknown attacks, at the cost of more false positives. Network-based IDS (N-IDS) Passive Response (log and alert) Active Response (e.g., drop the session or reconfigure a firewall) Host-based IDS (H-IDS) NIPS – Network Intrusion Prevention Systems (inline; can block traffic rather than only alert on it)

10 CHAPTER 4 Intrusion Detection Systems Software, hardware, managed IDS: Symantec, Cisco, McAfee, IBM, etc. Open source: Snort: Everyone's favorite open source IDS. Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.
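The two approaches from slide 9 side by side, as an added example that is not part of the course slides and not Snort's own code: a toy IDS run over a constructed list of connection records. The Event fields, the three signatures (written in the spirit of Snort content rules) and the anomaly threshold are assumptions chosen for illustration.

```python
"""
Added example, not from the course slides: a toy IDS showing signature-based
(MD-IDS) and anomaly-based (AD-IDS) detection over constructed traffic.
The Event layout, signatures and thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination TCP port
    payload: bytes  # first bytes of application data


# --- Misuse detection (MD-IDS / signature-based) ---------------------------
# Known-bad byte patterns (assumed rules, in the style of Snort content matches).
SIGNATURES = {
    "WEB-ATTACK directory traversal": re.compile(rb"\.\./\.\./"),
    "WEB-ATTACK sql injection": re.compile(rb"(?i)\bunion\s+(?:all\s+)?select\b"),
    "SHELLCODE x86 NOP sled": re.compile(rb"\x90{16,}"),
}


def signature_alerts(events):
    """Return (rule, src, dst, dport) for every event matching a signature.
    Only attacks that already have a signature produce an alert."""
    alerts = []
    for ev in events:
        for rule, pattern in SIGNATURES.items():
            if pattern.search(ev.payload):
                alerts.append((rule, ev.src, ev.dst, ev.dport))
    return alerts


# --- Anomaly detection (AD-IDS) --------------------------------------------
def learn_baseline(training_events, factor=3.0, min_ports=5):
    """Baseline = mean number of distinct destination ports one source touches.
    Anything above factor * mean (and at least min_ports) counts as anomalous."""
    ports = defaultdict(set)
    for ev in training_events:
        ports[ev.src].add(ev.dport)
    counts = [len(p) for p in ports.values()] or [1]
    mean = sum(counts) / len(counts)
    return max(min_ports, factor * mean)


def anomaly_alerts(live_events, threshold):
    """Flag sources whose distinct-port count exceeds the learned threshold
    (a port sweep). No signature needed, but an unusual legitimate host
    trips it too: that is where the false positives come from."""
    ports = defaultdict(set)
    for ev in live_events:
        ports[ev.src].add(ev.dport)
    return sorted((src, len(p)) for src, p in ports.items() if len(p) > threshold)


# --- Constructed sample traffic --------------------------------------------
def sample_training():
    # Three ordinary clients each talk to the web server on 80 and 443.
    return [Event(f"10.0.0.{i}", "10.0.0.100", p, b"GET / HTTP/1.1\r\n")
            for i in (11, 12, 13) for p in (80, 443)]


def sample_live():
    events = [
        Event("10.0.0.11", "10.0.0.100", 80, b"GET /index.html HTTP/1.1\r\n"),
        Event("10.0.0.12", "10.0.0.100", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Event("10.0.0.13", "10.0.0.100", 443, b"id=1' UNION SELECT user,pass FROM users--"),
    ]
    # One host sweeps ports 1..20 with empty payloads: no signature fires,
    # only the anomaly detector notices.
    events += [Event("192.168.1.50", "10.0.0.100", p, b"") for p in range(1, 21)]
    return events


def run_demo():
    threshold = learn_baseline(sample_training())
    return signature_alerts(sample_live()), anomaly_alerts(sample_live(), threshold)


if __name__ == "__main__":
    sig, anom = run_demo()
    for a in sig:
        print("signature:", a)
    for a in anom:
        print("anomaly:", a)
```

Run it and note which detector sees which event: the traversal and SQL injection requests fire signatures but the port sweep does not, while the sweep is the only thing the anomaly detector reports. That split is the whole argument for running both approaches together.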

11 CHAPTER 4 Using Honeypots What is a honeypot? A computer that is designated as a target for computer attacks and is used to gather information about the attacker. It has no production purpose, so any connection to it is suspect by definition; it must be isolated from production systems so that a compromised honeypot cannot be used as a stepping stone into the real network. SANS article http://www.sans.org/security-resources/idfaq/honeypot3.php

12 CHAPTER 4 Understanding Incident Response Step 1: Identifying the Incident Step 2: Investigating the Incident Step 3: Repairing the Damage Step 4: Documenting and Reporting the Response Step 5: Adjusting Procedures

13 CHAPTER 4 Working with Wireless Systems Wireless Transport Layer Security (WTLS) IEEE 802.11x Wireless Protocols WEP / WAP Wireless Vulnerabilities (WEP's RC4 key scheme is broken and its keys can be recovered from captured traffic; WPA/WPA2 replaced it) Wireless Intrusion Detection System (WIDS) Motorola - http://www.airdefense.net/ http://www.wildpackets.com/

14 CHAPTER 4 Instant Messaging IM Vulnerabilities Controlling Privacy

15 CHAPTER 4 Working with 8.3 File Naming Carryover from the days of FAT Common file extensions for executables Set your Windows Explorer to display extensions: with extensions hidden, a file named report.txt.exe is shown as report.txt, and the user double-clicks an executable believing it is a document

16 CHAPTER 4 Understanding Protocol Analyzers Protocol analyzing and packet sniffing are interchangeable terms. Sniffing is the process of capturing and inspecting data transmitted across a network; on a switched network the sniffer sees only traffic addressed to its own port unless a mirror (SPAN) port or tap is used. Instant Messaging traffic that is not encrypted is susceptible to sniffing.
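What a protocol analyzer actually does with the bytes it sniffs, as an added example that is not from the course slides and not Wireshark's code: decode an Ethernet II / IPv4 / TCP frame field by field, checking every length along the way. The frame is constructed inline by build_frame() so the example runs offline; the cleartext-credential check at the end is an assumed illustration of why sniffing unencrypted IM or web traffic matters, and the form field names it looks for are assumptions.

```python
"""
Added example, not from the course slides or from Wireshark: a minimal
protocol analyzer for Ethernet/IPv4/TCP frames. build_frame() constructs a
test frame (checksums left zero); find_cleartext_credentials() is an assumed
illustration of what a sniffer can pull out of unencrypted traffic.
"""
import re
import socket
import struct
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


@dataclass
class TcpSegment:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int        # low 9 bits of the TCP offset/flags word (NS..FIN)
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decode_frame(frame: bytes) -> TcpSegment:
    """Ethernet II -> IPv4 -> TCP, refusing truncated or inconsistent headers."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", ip[:4])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("bad IPv4 length fields")
    proto = ip[9]
    if proto != IPPROTO_TCP:
        raise ValueError(f"unsupported IP protocol {proto}")
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]                          # ignore Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4                 # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return TcpSegment(_mac(src_mac), _mac(dst_mac), src_ip, dst_ip,
                      src_port, dst_port, off_flags & 0x01FF, tcp[data_off:])


def build_frame(src_ip, dst_ip, src_port, dst_port, payload: bytes, flags=0x018) -> bytes:
    """Construct a PSH/ACK frame for the demo (constructed data, not a capture)."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),   # dst MAC
                      bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)  # src MAC
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, 1, 1,
                      (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def find_cleartext_credentials(payload: bytes):
    """Assumed illustration: user/password pair in an unencrypted form post."""
    m = re.search(rb"\buser(?:name)?=([^&\s]+)&pass(?:word)?=([^&\s]+)", payload)
    return (m.group(1).decode(), m.group(2).decode()) if m else None


SAMPLE_PAYLOAD = (b"POST /login HTTP/1.1\r\nHost: im.example\r\n\r\n"
                  b"username=alice&password=hunter2")


def run_demo():
    seg = decode_frame(build_frame("10.0.0.5", "10.0.0.9", 50123, 80, SAMPLE_PAYLOAD))
    return seg, find_cleartext_credentials(seg.payload)


if __name__ == "__main__":
    seg, creds = run_demo()
    print(f"{seg.src_ip}:{seg.src_port} -> {seg.dst_ip}:{seg.dst_port} flags=0x{seg.flags:03x}")
    print("credentials on the wire:", creds)
```

The length checks are not pedantry: a decoder that trusts the IHL or data-offset fields reads past the buffer on a malformed packet, and malformed packets are exactly what an attacker sends to a sensor they want to blind.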

17 CHAPTER 4 Signal Analysis and Signal Intelligence Footprinting Scanning Nmap nmap.org WARNING: ISP problems - scanning hosts you do not own or have written permission to test can violate your ISP's acceptable use policy (and the law); scan only systems you are authorized to test. Nmap is a free, open-source port scanner available for both UNIX and Windows. Videos on Youtube, also tutorials http://nmap.org/bennieston-tutorial/ In the movies – Hollywood likes Nmap! http://nmap.org/movies.html
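The mechanics behind "scanning", as an added example that is not from the course slides and not the Nmap project's code: a minimal TCP connect() scanner, the simplest of the scan types Nmap offers (nmap -sT). Host, port list and timeout are the caller's choice; run_demo() targets only the loopback address, with a listener it starts itself as the open port and a bind-and-release port as the closed one, so it runs offline and against nothing you do not own.

```python
"""
Added example, not from the course slides or from Nmap: a TCP connect()
scanner. The demo scans 127.0.0.1 only, against a listener it creates.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """Complete the three-way handshake to one port, then close.

    'open'     - connect() succeeded, something is listening
    'closed'   - the host answered with RST (ConnectionRefusedError)
    'filtered' - no answer inside the timeout; most likely a firewall dropped
                 the SYN (Nmap reports this state with the same word)
    A completed connect() is visible to the listening service and its logs,
    which is why Nmap prefers a half-open SYN scan when it has raw sockets.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, OSError):
            return "filtered"


def connect_scan(host, ports, timeout=0.5, workers=32):
    """Probe every port in `ports` concurrently; return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host, ports, **kw):
    return sorted(p for p, st in connect_scan(host, ports, **kw).items() if st == "open")


# --- Constructed demo target ------------------------------------------------
def demo_listener():
    """Listener on a kernel-chosen loopback port: the demo's 'open' port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def free_loopback_port():
    """Bind-and-release to find a port with nothing listening: the 'closed' port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


def run_demo():
    srv = demo_listener()
    try:
        return connect_scan("127.0.0.1", [srv.getsockname()[1], free_loopback_port()])
    finally:
        srv.close()


if __name__ == "__main__":
    for port, state in sorted(run_demo().items()):
        print(f"127.0.0.1:{port}\t{state}")
```

Footprinting is the step before this: collecting names, address ranges and contacts from public sources (DNS, WHOIS, the organization's own web pages) without touching the target. Scanning is the first step that sends packets to it, which is why a scan of a network you are not authorized to test is the point where an ISP or a target starts to object.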

18 CHAPTER 4 SUMMARY Monitoring versus Auditing External monitoring – Internal monitoring Audit Logs - User privileges, file access, sensitive folders (examples) Real-time versus alert-based, regularly required audit log analysis More on Auditing later - discussed in a later chapter

19 CHAPTER 4 Unit 4 Assignment Unit 4 Project - three questions, each at least one page.

20 CHAPTER 4 Unit 4 Assignment Unit 4 Project - three questions, each at least one page. 1. Using your favorite Internet search tool, search out and evaluate three protocol analyzers. List advantages and disadvantages for each of the three selected. 2. Examine honeypots in terms of system monitoring. Do you feel these are a benefit, or are they not worth the time/risk/expense? Defend your position. 3. Compare and contrast footprinting and scanning. Describe defense measures you can take as a network administrator to defend against each. APA Style: Title Page, Reference Page. Cite your sources. Use APA Sample. Questions?

