Programs:
Certified Computer Security Officer (CCSO)
Certified Computer Security Analyst (CCSA)

LSP Telematika

Created By: Semi Yulianto
Shared By: Linuxer@kaskus.co.id

Semi Yulianto
MCT, MCP, MCSA, MCSE, MCSA & MCSE: Security, MCTS, MCITP, CCNA, CCNP, CNI, CNA, CNE, CCA, CIW-CI, CIW-SA, CEI, CEH, ECSA, CHFI, EDRP, ECSP, etc.
Independent Trainer and Consultant

Current Roles:
- EC-Council Indonesia & Asia Pacific (Jakarta, Indonesia)
- ITS2 (Riyadh, Saudi Arabia): Senior Technical Trainer/Security Consultant
- IshanTech (M) Sdn Bhd (Kuala Lumpur, Malaysia): Security Consultant (Web Application Pen-Tester); Security Consultant (ESET Anti-Virus & Smart Security)

Contacts:
semi.yulianto@flexi-learn.com and semi.yulianto2009@gmail.com
+62 852 1325 6600 and +60 14 9377 462
Part I
1. Network Security
2. Threats to Network Security
3. Security and People
4. Secure Network Infrastructure
5. Virtual Private Networks (I)
6. Identity Services
7. Anti-Virus
8. Access Controls
9. Firewalls (II)
10. Intrusion Detection System (IDS) + Intrusion Prevention System (IPS) (III)
11. Bastion Host
12. Honeypot (IV)

Part II
1. Policy Management
2. Vulnerability Assessment
3. Encryption (V + VI)
4. Patch Management
5. OS Hardening (VII)
6. Incident Handling
7. Client-Side Attacks
8. Ethical Hacking and Pen-Test
9. Penetration Testing
10. IT Infra Threat Modeling
11. Dos and Don’ts
12. Best Practices
Network Security

Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations.

An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.

Today’s system/network administration should include security-related activities such as patch management, OS, host and device hardening, and network vulnerability assessment.

System/Network Administrators should be ready to perform those activities to protect against and prevent malicious hackers and external and internal attacks.

Responsibilities of the System/Network Administrators should not be limited to managing and administering the existing system/network; security should be added, since it is vital to protect the organization’s assets (data, information and IP).
Threats to Network Security

Viruses: Computer programs written by devious programmers and designed to replicate themselves and infect computers when triggered by a specific event.

Trojan Horse Programs: Delivery vehicles for destructive code, which appear to be harmless or useful software programs such as games.

Vandals: Software applications or applets that cause destruction.

Attacks:
◦ Reconnaissance attacks: Information-gathering activities to collect data that is later used to compromise networks.
◦ Access attacks: Exploit network vulnerabilities in order to gain entry to e-mail, databases, or the corporate network.
◦ Denial-of-service (DoS) attacks: Prevent access to part or all of a computer system.

Data Interception: Involves eavesdropping on communications or altering data packets being transmitted.

Social Engineering: Obtaining confidential network security information through nontechnical means, such as posing as a technical support person and asking for people's passwords.
None of the approaches alone will be sufficient to protect a network, but when they are layered together, they can be highly effective in keeping a network safe from attacks and other threats to security.

Well-thought-out corporate policies are critical to determine and control access to various parts of the network.

Security and People

Security is not only about the technology; it is about people, processes and other related components linked together. Do not just depend on technology, since it can change very fast and we may not be able to keep up.

Humans are the weakest link in the security chain. Educate people to reduce the threats and attacks (fact: 40% of the attacks are coming from the insider).
Secure Network Infrastructure

Switches and routers have hardware and software features that support secure connectivity, perimeter security, intrusion protection, identity services, and security management.

Dedicated network security hardware and software tools such as firewalls and intrusion detection systems provide protection for all areas of the network and enable secure connections.

Virtual Private Networks

Virtual Private Networks (VPN) provide access control and data encryption between two different computers on a network.

VPN allows remote workers to connect to the network without the risk of a hacker or thief intercepting data.
Identity Services

Identity management or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system by placing restrictions on the established identities.

Identity management or IDM is a term related to how humans are identified and authorized across computer networks. It covers issues such as how users are given an identity, the protection of that identity, and the technologies supporting that protection, such as network protocols, digital certificates, passwords and so on.
Anti-Virus

Anti-virus software is a necessary part of a good security program. If properly implemented and configured, it can reduce an organization’s exposure to malicious programs.

Anti-virus software only protects an organization from malicious programs (and not all of them; remember Melissa?).

Anti-virus software will not protect an organization from an intruder who misuses a legitimate program to gain access to a system.

Nor will anti-virus software protect an organization from a legitimate user who attempts to gain access to files that he should not have access to.
Access Controls

Each and every computer system within an organization should have the capability to restrict access to files based on the ID of the user attempting the access.

If systems are properly configured and the file permissions set appropriately, file access controls can restrict legitimate users from accessing files they should not have access to.

File access controls will not prevent someone from using a system vulnerability to gain access to the system as an administrator and thus see files on the system.

Even access control systems that allow the configuration of access controls on systems across the organization cannot do this: to the access control system, such an attack will look like a legitimate administrator attempting to access files to which the account is allowed access.
Firewalls

Firewalls are access control devices for the network and can assist in protecting an organization’s internal network from external attacks.

By their nature, firewalls are border security products, meaning that they exist on the border between the internal network and the external network.

Properly configured, firewalls have become a necessary security device.

Firewalls can be implemented in either hardware or software, or a combination of both.

Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

A firewall will not prevent an attacker from using an allowed connection to attack a system.
◦ For example: if a Web server is allowed to be accessed from the outside and is vulnerable to an attack against the Web server software, a firewall will likely allow this attack since the Web server should receive Web connections.

Firewalls will also not protect an organization from an internal user, since that internal user is already on the internal network.
Firewall techniques:

Packet filter - Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.

Application gateway - Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level gateway - Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server - Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
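To make the packet-filter technique concrete, here is an added example (not code from the original slides) of a stateless filter that evaluates user-defined rules, first match wins, over a handful of constructed packets. It goes one step beyond the slide's text: because a plain packet filter is susceptible to IP spoofing, the filter also applies an ingress check that rejects packets whose source address does not belong on the interface they arrived on. The rule fields, interface names, address ranges and sample traffic are all constructed for this illustration.

```python
"""Stateless packet filter with user-defined rules and an ingress anti-spoofing check.

Added example, not from the original slides. The rule fields, interface names,
address ranges and sample packets are constructed for this illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Address ranges that belong to the internal network (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str              # source IP address
    dst: str              # destination IP address
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port, None for icmp
    iface: str            # interface the packet arrived on: "outside" or "inside"


@dataclass(frozen=True)
class Rule:
    """A field left as None matches anything; src/dst are CIDR strings."""
    action: str                  # "accept" or "reject"
    iface: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and self.iface != pkt.iface:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def is_spoofed(pkt: Packet) -> bool:
    """Ingress check: an internal source address must not arrive on the outside
    interface, and an external one must not arrive on the inside interface."""
    src = ipaddress.ip_address(pkt.src)
    internal = any(src in net for net in INTERNAL_NETS)
    return (pkt.iface == "outside" and internal) or (pkt.iface == "inside" and not internal)


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "reject") -> Tuple[str, str]:
    """First matching rule wins; spoofed packets are rejected before any rule runs.
    Returns (action, reason)."""
    if is_spoofed(pkt):
        return "reject", "anti-spoofing"
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, f"rule {index}"
    return default, "default policy"


# Constructed rule set: a DMZ on 10.0.1.0/24 exposes HTTPS and SMTP, telnet is
# never accepted from outside, anything else from outside hits the default reject.
RULES = [
    Rule("accept", iface="outside", dst="10.0.1.0/24", proto="tcp", dport=443),
    Rule("accept", iface="outside", dst="10.0.1.0/24", proto="tcp", dport=25),
    Rule("reject", iface="outside", dst="10.0.0.0/8", proto="tcp", dport=23),
    Rule("accept", iface="inside"),
]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "10.0.1.10", "tcp", 443, "outside"),  # web traffic to the DMZ
    Packet("203.0.113.5", "10.0.1.10", "tcp", 23, "outside"),   # telnet to the DMZ
    Packet("10.0.5.9", "10.0.1.10", "tcp", 22, "outside"),      # internal source seen on outside
    Packet("203.0.113.5", "10.0.1.10", "udp", 53, "outside"),   # no rule matches
    Packet("10.0.2.7", "203.0.113.5", "tcp", 80, "inside"),     # outbound browsing
]


def run_demo() -> List[Tuple[str, str]]:
    decisions = [filter_packet(RULES, pkt) for pkt in SAMPLE_PACKETS]
    for pkt, (action, reason) in zip(SAMPLE_PACKETS, decisions):
        print(f"{pkt.iface:>7} {pkt.src:>15} -> {pkt.dst}:{pkt.dport} {pkt.proto:<4} {action:<6} ({reason})")
    return decisions


if __name__ == "__main__":
    run_demo()
```

The ingress check only catches the simplest spoofing case, a forged internal address arriving from outside; a stateless filter cannot tell one external address from another, which is why the slide lists spoofing as the technique's weakness and why stateful inspection or an application gateway is layered on top.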

DMZ

In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet.

The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network.

The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

Generally, any service that is being provided to users from an external network could be placed in the DMZ.

The most common of these services are web servers, mail servers, FTP servers, VoIP servers and DNS servers.

In some situations, additional steps need to be taken to be able to provide secure services.
Intrusion Detection System (IDS)

Intrusion detection systems were once touted as the solution to the entire security problem. No longer would we need to protect our files and systems; we could just identify when someone was doing something wrong and stop them.

Some of the intrusion detection systems were marketed with the ability to stop attacks before they were successful.

No intrusion detection system is foolproof, and thus they cannot replace a good security program or good security practice. They will also not detect legitimate users who may have incorrect access to information.

Types of Intrusion Detection Systems:

Network Intrusion Detection System (NIDS) - An independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, a network switch configured for port mirroring, or a network tap. An example of a NIDS is Snort.

Host-based Intrusion Detection System (HIDS) - Consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host activities and state. An example of a HIDS is OSSEC (an open source, free host-based intrusion detection system).
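The file-system monitoring part of a HIDS is small enough to show in full. The following is an added example (not code from the original slides, and not OSSEC's own implementation): it takes a baseline of SHA-256 hashes for a watch list of sensitive files, re-hashes them later, and reports what was modified, removed or added. The watched paths and file contents are constructed inside a temporary directory so the script runs offline.

```python
"""File-integrity monitoring in the style of a host-based IDS.

Added example, not from the original slides and not OSSEC's code. It records a
baseline of SHA-256 hashes for a list of watched files and reports files that
were modified, added or removed. The watch list and file contents are
constructed inside a temporary directory.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed watch list, relative to the monitored root: the kinds of files the
# slide names (password files, binaries, privilege databases).
WATCHED = ["etc/passwd", "etc/shadow", "bin/login", "etc/sudoers"]


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(root: Path, watched: List[str]) -> Dict[str, str]:
    """Map each watched file that currently exists to its hash."""
    return {rel: hash_file(root / rel) for rel in watched if (root / rel).is_file()}


def compare(baseline: Dict[str, str], root: Path, watched: List[str]) -> Dict[str, List[str]]:
    """Re-hash the watched files and classify every difference from the baseline."""
    current = take_baseline(root, watched)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def run_demo() -> Dict[str, List[str]]:
    """Build a constructed filesystem, baseline it, change it, and report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        initial = {
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n",
            "etc/shadow": b"root:*:19000:0:99999:7:::\nalice:*:19000:0:99999:7:::\n",
            "bin/login": b"\x7fELF-placeholder-binary",
        }
        for rel, content in initial.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(content)
        baseline = take_baseline(root, WATCHED)

        # Simulated changes between two scans (constructed): one watched file is
        # edited, one is deleted, and one absent at baseline time appears.
        (root / "etc/passwd").write_bytes(initial["etc/passwd"] + b"svc:x:1001:1001::/tmp:/bin/sh\n")
        (root / "bin/login").unlink()
        (root / "etc/sudoers").write_bytes(b"alice ALL=(ALL) NOPASSWD: ALL\n")

        report = compare(baseline, root, WATCHED)
        for kind, paths in report.items():
            for path in paths:
                print(f"ALERT {kind}: {path}")
        return report


if __name__ == "__main__":
    run_demo()
```

A baseline check of this kind only says that a file changed, not whether the change was authorized, which is the limitation the slide states: a legitimate administrator editing the same files produces the same alert, so the report has to be reconciled against change records rather than treated as proof of intrusion.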
Bastion Host

A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks.

The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.

It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.

There are two common network configurations that include bastion hosts and their placement.
◦ The first requires two firewalls, with bastion hosts sitting between the first "outside world" firewall and an inside firewall, in a demilitarized zone (DMZ).
◦ Often smaller networks do not have multiple firewalls, so if only one firewall exists in a network, bastion hosts are commonly placed outside the firewall.

Bastion hosts are related to multi-homed hosts and screened hosts. While a dual-homed host often contains a firewall, it is also used to host other services as well. A screened host is a dual-homed host that is dedicated to running the firewall.

Examples of bastion host systems/services:
1. Web server
2. DNS (Domain Name System) server
3. Email server
4. FTP (File Transfer Protocol) server
5. Proxy server
6. Honeypot
7. VPN (Virtual Private Network) server
Honeypot

A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.

A honeypot is valuable as a surveillance and early-warning tool.

While it is often a computer, a honeypot can take other forms, such as files or data records, or even unused IP address space.

A honeypot that masquerades as an open proxy to monitor and record those using the system is a sugarcane.

Honeypots should have no production value, and hence should not see any legitimate traffic or activity.
Policy Management

Policies and procedures are important components of a good security program, and the management of policies across computer systems is equally important.

With a policy management system, an organization can be made aware of any system that does not conform to policy.

Policy management may not take into account vulnerabilities in systems or misconfigurations in application software; either of these may lead to a successful penetration.

Policy management on computer systems also does not guarantee that users will not write down their passwords or give their passwords to unauthorized individuals.
Vulnerability Assessment

Assessing computer systems for vulnerabilities is an important part of a good security program. Such assessment will help an organization to identify potential entry points for intruders.

Vulnerability assessment will not protect your computer systems. Each vulnerability must be fixed after it is identified.

Vulnerability assessment will not detect legitimate users who may have inappropriate access, nor will it detect an intruder who is already in your systems.
Encryption

Encryption is the primary mechanism for communications security. It will certainly protect information in transit.

Encryption might even protect information that is in storage by encrypting files. However, legitimate users must have access to these files.

The encryption system will not differentiate between legitimate and illegitimate users if both present the same keys to the encryption algorithm. Therefore, encryption by itself will not provide security.

There must also be controls on the encryption keys and the system as a whole.
Patch Management

Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system.

Effective patch management is the first line of defense for networks of any size.

Patch management is an important part of every IT administrator's responsibility.

To maintain a secure network, one must ensure that the latest security patches and operating system service packs are installed network-wide.

Patch management software also plays a part in adhering to the most recent compliance regulations such as the Sarbanes-Oxley Act and HIPAA, which require enterprises to maintain control of their information assets.

Effective patch management involves not only the discovery of software vulnerabilities but also the subsequent patch deployment to the multiple computers on the network.

IT administrators understand the effects that unpatched computers can have on a network.

Because they also fully recognize the challenge of ensuring network-wide protection, an easy-to-administer patch management solution has quickly become the tool of choice for IT administrators.

A number of products are available to automate patch management tasks.

Like its real-world counterpart, a patch is a "make-do" fix rather than an elegant solution. Patches are sometimes ineffective, and can sometimes cause more problems than they fix.

System administrators take simple steps to avoid problems, such as performing backups and testing patches on non-critical systems prior to installation.

Security patch management is patch management with a focus on reducing security vulnerabilities. It should not be a defensive procedure in reaction to critical incidents.
Patch Deployment Cycle:

Detect - Use patch management software to scan for missing security patches. Detection should be automated and should trigger the patch management process.

Acquire - If the vulnerability is not addressed by the security measures already in place, download the patch for testing.

Test - Install the patch on a realistic operational environment to ensure that the security fixes are suitable and do not compromise your system.

Deploy - Allow patch deployment to the other computers on the network. Review this deployment to ensure its success with minimum impact on system users.

Maintain - Subscribe to notifications that alert you to vulnerabilities as they are reported. Once a new security patch is available, the process is started again.
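The Detect and Test/Deploy steps of the cycle above can be expressed as two small functions over an inventory. The following is an added example (not code from the original slides and not any of the listed vendors' products): it scans a constructed host inventory against a constructed patch catalogue for missing applicable patches, orders them by severity, and then splits each patch's targets into a test-ring stage and a production stage, flagging any patch that no non-critical test host would exercise before production deployment. The patch identifiers, product names and host names are all placeholders constructed for the illustration.

```python
"""Detect and plan steps of the patch deployment cycle.

Added example, not from the original slides and not any vendor's product. The
patch catalogue, host inventory and patch identifiers are constructed; a real
deployment would read the catalogue from the vendor's feed and the inventory
from an agent or scanner.
"""
from typing import Dict, List, Set, Tuple

SEVERITY_RANK = {"critical": 0, "important": 1, "moderate": 2, "low": 3}

# Constructed catalogue: patch id -> (severity, products it applies to).
CATALOGUE: Dict[str, Tuple[str, Set[str]]] = {
    "PATCH-2024-001": ("critical", {"os-server", "os-client"}),
    "PATCH-2024-002": ("important", {"os-server"}),
    "PATCH-2024-003": ("moderate", {"mail-server"}),
    "PATCH-2024-004": ("critical", {"web-server"}),
}

# Constructed inventory: host -> (products installed, patches already installed).
INVENTORY: Dict[str, Tuple[Set[str], Set[str]]] = {
    "web01": ({"os-server", "web-server"}, {"PATCH-2024-002"}),
    "mail01": ({"os-server", "mail-server"}, {"PATCH-2024-001", "PATCH-2024-002", "PATCH-2024-003"}),
    "ws-17": ({"os-client"}, set()),
    "lab-web": ({"os-server", "web-server"}, {"PATCH-2024-001", "PATCH-2024-002"}),
}

# Non-critical systems that receive every patch first (the Test step).
TEST_RING = {"lab-web"}


def detect_missing(inventory: Dict[str, Tuple[Set[str], Set[str]]],
                   catalogue: Dict[str, Tuple[str, Set[str]]]) -> Dict[str, List[str]]:
    """Detect: per host, the applicable patches that are not installed, most severe first."""
    missing: Dict[str, List[str]] = {}
    for host, (products, installed) in inventory.items():
        needed = [pid for pid, (_, prods) in catalogue.items()
                  if prods & products and pid not in installed]
        needed.sort(key=lambda pid: (SEVERITY_RANK[catalogue[pid][0]], pid))
        if needed:
            missing[host] = needed
    return missing


def deployment_plan(missing: Dict[str, List[str]], test_ring: Set[str]) -> Dict[str, dict]:
    """Test before Deploy: split each patch's targets into a test stage and a
    production stage, and flag patches that no test-ring host would exercise."""
    plan: Dict[str, dict] = {}
    for host, patches in missing.items():
        for pid in patches:
            entry = plan.setdefault(pid, {"test": [], "production": []})
            entry["test" if host in test_ring else "production"].append(host)
    for entry in plan.values():
        entry["test"].sort()
        entry["production"].sort()
        entry["tested_before_deploy"] = bool(entry["test"])
    return plan


def run_demo() -> Tuple[Dict[str, List[str]], Dict[str, dict]]:
    missing = detect_missing(INVENTORY, CATALOGUE)
    plan = deployment_plan(missing, TEST_RING)
    for host, patches in missing.items():
        print(f"{host}: missing {', '.join(patches)}")
    for pid, entry in plan.items():
        flag = "" if entry["tested_before_deploy"] else "  <- no test-ring coverage"
        print(f"{pid}: test {entry['test']} then production {entry['production']}{flag}")
    return missing, plan


if __name__ == "__main__":
    run_demo()
```

In the constructed data the critical OS patch has no test-ring host, so the plan reports it as untested; that is the condition under which the slide's advice to test on non-critical systems first cannot be followed without adding a test host, and it is worth surfacing automatically rather than discovering it after a broken production deployment.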

Patch Management tasks include:
1. Maintaining current knowledge of available patches.
2. Deciding what patches are appropriate for particular systems.
3. Ensuring that patches are installed properly, testing systems after installation.
4. Documenting all associated procedures, such as specific configurations required.

Patch Management Solutions:
1. http://technet.microsoft.com/en-us/wsus/default.aspx
2. http://www.shavlik.com
3. http://www.kaseya.com
4. http://www.symantec.com
5. http://www.ecora.com
6. http://www.lumension.com
7. http://www.gfi.com
8. http://www.landesk.com
9. http://www.manageengine.com
10. http://www.everdream.com
OS Hardening

OS hardening is the process of addressing security weaknesses in operating systems by implementing the latest OS patches, hotfixes and updates and following procedures and policies to reduce attacks and system downtime.

The idea of OS hardening is to minimize a computer's exposure to current and future threats by fully configuring the operating system and removing unnecessary applications.
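Hardening is most useful when it can be checked repeatedly rather than done once, so here is an added example (not code from the original slides) of a small configuration audit: it parses a service configuration, compares the effective value of each directive against a hardened baseline, and lists running services that are not on an allowlist. The directive names are real OpenSSH sshd_config directives and the unset-value defaults follow the sshd_config manual page, but the sample configuration text, the baseline values and the service lists are constructed for this illustration.

```python
"""Configuration audit in the spirit of OS hardening.

Added example, not from the original slides. The directive names are real
OpenSSH sshd_config directives and SSHD_DEFAULTS follows the sshd_config manual
page; the sample configuration text, the baseline values and the service lists
are constructed for this illustration. Match blocks are not handled.
"""
from typing import Dict, List, Set, Tuple

# Constructed hardened baseline: directive -> required value.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "maxauthtries": "3",
}

# sshd's documented default for each directive, used when the file leaves it unset:
# an absent directive means "default", not "missing".
SSHD_DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "x11forwarding": "no",
    "maxauthtries": "6",
}


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Directive value' lines. Directives are case-insensitive and sshd
    honours the first occurrence, so later duplicates are ignored."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit_config(text: str, baseline: Dict[str, str] = BASELINE,
                 defaults: Dict[str, str] = SSHD_DEFAULTS) -> List[Tuple[str, str, str]]:
    """Return (directive, effective value, required value) for every deviation."""
    settings = parse_config(text)
    findings = []
    for key, required in baseline.items():
        effective = settings.get(key, defaults[key])
        if effective.lower() != required.lower():
            findings.append((key, effective, required))
    return findings


def unnecessary_services(running: List[str], allowed: Set[str]) -> List[str]:
    """Services running on the host that the role does not need."""
    return sorted(set(running) - allowed)


# Constructed weak configuration: defaults left in place, root login opened up,
# and a second PermitRootLogin line that sshd would ignore.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
X11Forwarding yes
# a later duplicate does not override the first occurrence
PermitRootLogin no
"""

# Constructed hardened configuration.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
MaxAuthTries 3
"""

# Constructed service list for a web server role.
RUNNING_SERVICES = ["sshd", "telnetd", "httpd", "cupsd", "rpcbind"]
ALLOWED_SERVICES = {"sshd", "httpd"}


def run_demo() -> Tuple[List[Tuple[str, str, str]], List[str]]:
    findings = audit_config(WEAK_CONFIG)
    extra = unnecessary_services(RUNNING_SERVICES, ALLOWED_SERVICES)
    for key, effective, required in findings:
        print(f"{key}: is '{effective}', should be '{required}'")
    for service in extra:
        print(f"unneeded service running: {service}")
    return findings, extra


if __name__ == "__main__":
    run_demo()
```

Two details carry over to any hardening check: treat an absent setting as the product's default rather than as "not configured", and respect the product's precedence rules (here, first occurrence wins) so that the audit reports the value the service will actually use.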
Incident Handling

Incident handling is a generalized term that refers to the response by a person or organization to an attack.

An organized and careful reaction to an incident can mean the difference between complete recovery and total disaster.

Incident Handling Steps:

Preparation - Comprehensively addressing the issue of security includes methods to prevent attack as well as how to respond to a successful one.

Identification of Attack - The first post-attack step in incident handling is the identification of an incident. Identification of an incident becomes more difficult as the complexity of the attack grows.

Containment of Attack - Once an attack has been identified, steps must be taken to minimize the effects of the attack. Containment allows the user or administrator to protect other systems and networks from the attack and limit damage.

Recovery and Analysis - The recovery phase allows users to assess what damage has been incurred, what information has been lost and what the post-attack status of the system is. Once the user can be assured that the attack has been contained, it is helpful to conduct an analysis of the attack.

Case Study (Discussion)

Virus Outbreak
1. Preparation
2. Identification of the attack
3. Containment of the attack
4. Recovery & Analysis

System Compromise
1. Preparation
2. Identification of the attack
3. Containment of the attack
4. Recovery & Analysis
Client-Side Attacks

Traditionally, attackers went for hacking servers, but there has been a shift to the client side because server-side applications have been targets for attackers since 2001, and these applications have matured.

Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients.

The remedy is to maintain the most current application patch levels, keep antivirus software updated and seek and remove unauthorized applications.

Keeping authorized software to a minimum also decreases exposure.

Figure: Application vulnerabilities exceed OS vulnerabilities

Web Application Attacks

Two main avenues for exploiting and compromising web servers: brute force password guessing attacks and web application attacks.

Microsoft SQL, FTP, and SSH servers are popular targets for password guessing attacks because of the access that is gained if a valid username/password pair is identified.

SQL Injection, Cross-site Scripting and PHP File Include attacks continue to be the three most popular techniques used for compromising web sites.

Automated tools, designed to target custom web application vulnerabilities, make it easy to discover and infect several thousand web sites.

Windows: Conficker/Downadup

Attacks on Microsoft Windows operating systems were dominated by Conficker/Downadup worm variants.

For the past six months, over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS08-067.

Although in much smaller proportion, Sasser and Blaster, the infamous worms from 2003 and 2004, continue to infect many networks.

Figure: Attacks on critical Microsoft vulnerabilities
Figure: Attacks on critical Apple vulnerabilities

Client-Side Attacks Example (Step-by-Step)

Step 0: Attacker places contents on trusted site.
Step 1: Client-side exploitation.
Step 2: Established reverse shell backdoor using HTTPS.
Step 3: Dump hashes and use pass-the-hash attack to pivot.
Step 4: Pass the hash to compromise Domain Controller.
Ethical Hacking and Pen-Test

Ethical Hacking: A penetration test of which the goal is to discover trophies throughout the network within the predetermined project time limit.

Penetration Testing: A goal-oriented project of which the goal is the trophy and includes gaining privileged access by pre-conditional means.

Penetration Testing

A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker.

The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.

Analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities.

Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered.

It is a component of a full security audit.
IT Infrastructure Threat Modeling

The IT Infrastructure Threat Modeling Guide provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security.

This guide describes and considers the extensive methodology that exists for Security Development Lifecycle (SDL) threat modeling and uses it to establish a threat modeling process for IT infrastructure.

Primary steps of the Threat Modeling Process: (diagram not reproduced)

The Threat Modeling Guide is designed to help IT professionals accomplish the following:
1. Identify threats that could affect their organizations’ IT infrastructures.
2. Discover and mitigate design and implementation issues that could put IT infrastructures at risk.
3. Prioritize budget and planning efforts to address the most significant threats.
4. Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner.
Dos:
1. Do choose your passwords carefully.
2. Do learn about network security.
3. Do save your work-related data on the network.
4. Do encrypt data.
5. Do utilize network virus protection software.
6. Do report any unauthorized use of your computer.
7. Do lock your workstation when you step away from your computer.
8. Do inform administrators of employee departures.

Don’ts:
1. Don’t leave passwords around your workplace.
2. Don’t save personal or sensitive information on shared network resources.
3. Don’t open suspect e-mails.
4. Don’t leave sensitive data on your hard drive.
5. Don’t use automatic login features.
6. Network security should always be taken seriously.
Best Practices

Assess Your Environment - In order to effectively secure your network environment, you must first become familiar with all of its components.

Protect Your Network - Being part of the connected world brings many benefits as well as challenges. Any computer within your network that is connected to the Internet, directly or indirectly, is a potential risk for an attack from viruses or external attackers.

Protect Your Servers and Clients - You should be sure to take sufficient steps to harden your core operating systems and major applications from common attacks.

Monitor Your Environment - Monitoring and auditing are central to an organization's security efforts. We often think of monitoring as watching and waiting for an event to occur so that we can react to the situation.
1.    Selecting a Good Anti-Virus Software
2.    Testing and Evaluating Anti-Virus Software
3.    Analyzing and Implementing File & Folder Permissions
4.    Analyzing and Implementing Database Security
5.    Analyzing Local Security Policy
6.    Analyzing and Implementing Security Templates
7.    Implementing Group Policy
8.    Implementing Encrypted File System (EFS)
9.    Implementing Disk Encryption
10.   Selecting Patch Management solutions
11.   Implementing Patch Management
12.   Configuring IDS and Firewall
13.   Analyzing IDS and Firewall Rules
14.   Testing IDS and Firewall

An Introduction to Kerberos
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication Protocol
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 
Digital data transmission
Digital data transmissionDigital data transmission
Digital data transmission
 
File Transfer Protocol
File Transfer ProtocolFile Transfer Protocol
File Transfer Protocol
 
Network security
Network securityNetwork security
Network security
 

Similaire à Network Security Fundamentals

unit 2 IT security solution.pptx
unit 2 IT security solution.pptxunit 2 IT security solution.pptx
unit 2 IT security solution.pptxlochanrajdahal
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdfahmed53254
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Jennifer Letterman
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxjeanettehully
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docxtodd521
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................MuhammadKhalil858111
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless NetworkingGulshanAra14
 
Network_Security1.pdf.pdf
Network_Security1.pdf.pdfNetwork_Security1.pdf.pdf
Network_Security1.pdf.pdfahmed53254
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015Jeffery Brown
 

Similaire à Network Security Fundamentals (20)

Network srcurity
Network srcurityNetwork srcurity
Network srcurity
 
unit 2 IT security solution.pptx
unit 2 IT security solution.pptxunit 2 IT security solution.pptx
unit 2 IT security solution.pptx
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdf
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptx
 
Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Network security
Network securityNetwork security
Network security
 
Module 3.pdf
Module 3.pdfModule 3.pdf
Module 3.pdf
 
Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:Module 3.Infrastructure and Network Security:
Module 3.Infrastructure and Network Security:
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
 
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docxRunning Head RISK, THREAT AND VULNERABILITY MANAGEMENT           .docx
Running Head RISK, THREAT AND VULNERABILITY MANAGEMENT .docx
 
network security.001.pptx................
network security.001.pptx................network security.001.pptx................
network security.001.pptx................
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
 
Network_Security1.pdf.pdf
Network_Security1.pdf.pdfNetwork_Security1.pdf.pdf
Network_Security1.pdf.pdf
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...
 
Data security
Data securityData security
Data security
 
A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015A network security policy group project unit 4 (1) july 2015
A network security policy group project unit 4 (1) july 2015
 

Dernier

A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 

Dernier (20)

A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 

Network Security Fundamentals

  • 1. Programs: Certified Computer Security Officer (CCSO), Certified Computer Security Analyst (CCSA). LSP Telematika. Created by Semi Yulianto. Shared by Linuxer@kaskus.co.id
  • 2. Semi Yulianto: MCT, MCP, MCSA, MCSE, MCSA & MCSE: Security, MCTS, MCITP, CCNA, CCNP, CNI, CNA, CNE, CCA, CIW-CI, CIW-SA, CEI, CEH, ECSA, CHFI, EDRP, ECSP, etc. Independent Trainer and Consultant. Current Roles: EC-Council Indonesia & Asia Pacific (Jakarta, Indonesia); ITS2 (Riyadh, Saudi Arabia); IshanTech (M) Sdn Bhd (Kuala Lumpur, Malaysia). Senior Technical Trainer/Security Consultant; Security Consultant (Web Application Pen-Tester); Security Consultant (ESET Anti-Virus & Smart Security). Contacts: semi.yulianto@flexi-learn.com and semi.yulianto2009@gmail.com; +62 852 1325 6600 and +60 14 9377 462
  • 3. Part I: 1. Network Security 2. Threats to Network Security 3. Security and People 4. Secure Network Infrastructure 5. Virtual Private Networks (I) 6. Identity Services 7. Anti-Virus 8. Access Controls 9. Firewalls (II) 10. Intrusion Detection System (IDS) + Intrusion Prevention System (IPS) (III) 11. Bastion Host 12. Honeypot (IV)
  • 4. Part II: 1. Policy Management 2. Vulnerability Assessment 3. Encryption (V + VI) 4. Patch Management 5. OS Hardening (VII) 6. Incident Handling 7. Client-Side Attacks 8. Ethical Hacking and Pen-Test 9. Penetration Testing 10. IT Infra Threat Modeling 11. Do and Don’ts 12. Best Practices
  • 5. Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.
  • 6. Today’s system/network administration should include security-related activities such as patch management, OS, host and device hardening and network vulnerability assessment. System/Network Administrators should be ready to perform those activities to protect against and prevent malicious hackers and external and internal attacks. The responsibilities of System/Network Administrators should not be limited to managing and administering the existing system/network; security should be added, since it is vital to protect the organization’s assets (data, information and IP).
  • 7. ◦ Viruses: Computer programs written by devious programmers and designed to replicate themselves and infect computers when triggered by a specific event. ◦ Trojan Horse Programs: Delivery vehicles for destructive code, which appear to be harmless or useful software programs such as games. ◦ Vandals: Software applications or applets that cause destruction.
  • 8. Attacks: ◦ Reconnaissance attacks: Information-gathering activities to collect data that is later used to compromise networks. ◦ Access attacks: Exploit network vulnerabilities in order to gain entry to e-mail, databases, or the corporate network. ◦ Denial-of-service (DoS) attacks: Prevent access to part or all of a computer system.
  • 9. ◦ Data Interception: Involves eavesdropping on communications or altering data packets being transmitted. ◦ Social Engineering: Obtaining confidential network security information through nontechnical means, such as posing as a technical support person and asking for people's passwords.
  • 14. None of the approaches alone will be sufficient to protect a network, but when they are layered together, they can be highly effective in keeping a network safe from attacks and other threats to security. Well-thought-out corporate policies are critical to determine and control access to various parts of the network.
  • 15. Security is not only about the technology; it is about people, processes and other related components linked together. Do not depend on technology alone, since it changes very fast and we may not be able to keep up. Humans are the weakest link in the security chain. Educate people to reduce the threats and attacks (fact: 40% of attacks come from insiders).
  • 16. Switches and routers have hardware and software features that support secure connectivity, perimeter security, intrusion protection, identity services, and security management. Dedicated network security hardware and software tools such as firewalls and intrusion detection systems provide protection for all areas of the network and enable secure connections.
  • 17. Virtual Private Networks (VPN) provide access control and data encryption between two different computers on a network. VPN allows remote workers to connect to the network without the risk of a hacker or thief intercepting data.
  • 19. Identity management or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or  an organization) and controlling the access to the resources in that system by placing restrictions on the established identities. Identity management or IDM is a term related to how humans are identified and authorized across computer networks. It covers issues such as how users are given  an identity, the protection of that identity and the technologies supporting that protection such as network protocols, digital certificates, passwords and so on.
  • 22. Anti-virus software is a necessary part of a good security program. If properly implemented and configured, it can reduce an organization’s exposure to malicious programs. Anti-virus software only protects an organization from malicious programs (and not all of them—remember Melissa?). Anti-virus software will not protect an organization from an intruder who misuses a legitimate program to gain access to a system. Nor will anti-virus software protect an organization from a legitimate user who attempts to gain access to files that he should not have access to.
  • 25. Each and every computer system within an organization should have the capability to restrict access to files based on the ID of the user attempting the access. If systems are properly configured and the file permissions set appropriately, file access controls can restrict legitimate users from accessing files they should not have access to.
  • 26. File access controls will not prevent someone from using a system vulnerability to gain access to the system as an administrator and thus see files on the system. Even access control systems that allow the configuration of access controls on systems across the organization cannot do this: to the access control system, such an attack will look like a legitimate administrator attempting to access files to which the account is allowed access.
  • 28. Firewalls are access control devices for the network and can assist in protecting an organization’s internal network from external attacks. By their nature, firewalls are border security products, meaning that they exist on the border between the internal network and the external network. Properly configured, firewalls have become a necessary security device.
  • 29. Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
  • 30. A firewall will not prevent an attacker from using an allowed connection to attack a system. ◦ For example: if a Web server is allowed to be accessed from the outside and is vulnerable to an attack against the Web server software, a firewall will likely allow this attack since the Web server should receive Web connections. Firewalls will also not protect an organization from an internal user since that internal user is already on the internal network.
  • 31. Firewall techniques: ◦ Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing. ◦ Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation. ◦ Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. ◦ Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
  • 35. In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by IT professionals. It is sometimes referred to as a Perimeter Network. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.
  • 36. Generally, any service that is being provided to users from an external network could be placed in the DMZ. The most common of these services are web servers, mail servers, FTP servers, VoIP servers and DNS servers. In some situations, additional steps need to be taken to be able to provide secure services.
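Added example (not from the slides or their author): a first-match packet filter, the first firewall technique on slide 31, loaded with a rule base that implements the DMZ layout of slides 35 and 36. The address ranges (192.0.2.0/24 as the DMZ, 10.0.0.0/8 as the LAN), the `Packet`/`Rule` types and the `filter_packet` function are all assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed address plan (an assumption for this example, not from the slides):
# the DMZ and the internal LAN are private ranges; anything else is "outside".
DMZ: IPv4Network = ip_network("192.0.2.0/24")
LAN: IPv4Network = ip_network("10.0.0.0/8")
ANY: IPv4Network = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                    # "accept" or "drop"
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# First-match rule base for the DMZ design on the slides: outside users reach
# only the published DMZ services, internal hosts may initiate anything, and
# every other packet (including anything from outside addressed to the LAN)
# is dropped by the final default-deny rule.
RULES: List[Rule] = [
    Rule("accept", ANY, DMZ, "tcp", 80),   # web server in the DMZ
    Rule("accept", ANY, DMZ, "tcp", 25),   # mail server in the DMZ
    Rule("accept", ANY, DMZ, "udp", 53),   # DNS server in the DMZ
    Rule("accept", LAN, ANY),              # internal hosts may reach DMZ and Internet
    Rule("drop", ANY, ANY),                # default deny
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule (default deny if none matches)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 80),   # outside -> DMZ web: accepted
        Packet("203.0.113.5", "192.0.2.10", "tcp", 22),   # outside -> DMZ ssh: dropped
        Packet("203.0.113.5", "10.1.2.3", "tcp", 445),    # outside -> LAN: dropped
        Packet("10.1.2.3", "192.0.2.10", "tcp", 22),      # LAN admin -> DMZ ssh: accepted
    ]
    for s in samples:
        print(s, "->", filter_packet(s))
```

The filter decides on addresses, protocol and port only. The first sample packet is accepted whatever its HTTP payload contains, which is exactly the limitation slide 30 describes: a flaw in the web server software behind an allowed port is not something a packet filter can see. Rule order matters as well; moving the default-deny rule above the LAN rule would silently cut the internal network off.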
  • 39. Intrusion detection systems were once touted as the solution to the entire security problem. No longer would we need to protect our files and systems, we could just identify when someone was doing something wrong and stop them. Some of the intrusion detection systems were marketed with the ability to stop attacks before they were successful. No intrusion detection system is foolproof and thus they cannot replace a good security program or good security practice. They will also not detect legitimate users who may have incorrect access to information.
  • 40. Types of Intrusion Detection Systems: ◦ Network Intrusion Detection System (NIDS): An independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, a network switch configured for port mirroring, or a network tap. An example of a NIDS is Snort. ◦ Host-based Intrusion Detection System (HIDS): Consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host activities and state. An example of a HIDS is OSSEC (an open source, free host-based intrusion detection system).
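Added example (not from the slides, and not OSSEC's own code): the file-system modification check that slide 40 lists as one HIDS input, reduced to its core. A baseline of SHA-256 digests is taken over monitored paths, a later snapshot is compared against it, and every difference is classified as modified, added or removed. The two in-memory "snapshots" are constructed for this example, as are the function names; `snapshot_paths` is the hook an agent would use to read real files.

```python
import hashlib
from pathlib import Path
from typing import Dict, Iterable, List

Baseline = Dict[str, str]   # path -> sha256 hex digest


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Baseline:
    """Record one digest per monitored path; keep it somewhere the host cannot alter."""
    return {path: sha256_hex(content) for path, content in files.items()}


def detect_changes(baseline: Baseline, current: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare a fresh snapshot against the baseline and classify every difference."""
    report: Dict[str, List[str]] = {"modified": [], "added": [], "removed": []}
    for path, digest in baseline.items():
        if path not in current:
            report["removed"].append(path)
        elif sha256_hex(current[path]) != digest:
            report["modified"].append(path)
    for path in current:
        if path not in baseline:
            report["added"].append(path)
    for key in report:
        report[key].sort()
    return report


def snapshot_paths(paths: Iterable[str]) -> Dict[str, bytes]:
    """Read real files from disk for a live check (what an agent on the host would do)."""
    snap: Dict[str, bytes] = {}
    for p in paths:
        path = Path(p)
        if path.is_file():
            snap[p] = path.read_bytes()
    return snap


# Constructed snapshots standing in for two scans of the same host.
BASELINE_FS: Dict[str, bytes] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/usr/bin/ls": b"\x7fELF-constructed-ls-binary",
}
CURRENT_FS: Dict[str, bytes] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n",  # extra UID 0 account
    "/usr/bin/ls": b"\x7fELF-constructed-ls-binary",                           # unchanged
    "/usr/local/bin/agent": b"\x7fELF-constructed-new-binary",                # new binary
}


def run_sample_check() -> Dict[str, List[str]]:
    """Run the comparison over the constructed snapshots."""
    return detect_changes(build_baseline(BASELINE_FS), CURRENT_FS)


if __name__ == "__main__":
    for kind, paths in run_sample_check().items():
        for path in paths:
            print(f"{kind}: {path}")
```

The check is only as trustworthy as the baseline: if the digest store lives on the monitored host with the same permissions as the files, an administrator-level intruder can rewrite both, which is the same blind spot slides 26 and 39 describe for access controls and IDS generally.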
  • 43. A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.
  • 44. There are two common network configurations that include bastion hosts and their placement. ◦ The first requires two firewalls, with bastion hosts sitting between the first "outside world" firewall and an inside firewall, in a demilitarized zone (DMZ). ◦ Often smaller networks do not have multiple firewalls, so if only one firewall exists in a network, bastion hosts are commonly placed outside the firewall. Bastion hosts are related to multi-homed hosts and screened hosts. While a dual-homed host often contains a firewall, it is also used to host other services as well. A screened host is a dual-homed host that is dedicated to running the firewall.
  • 45. Examples of bastion host systems/services: 1. Web server 2. DNS (Domain Name System) server 3. Email server 4. FTP (File Transfer Protocol) server 5. Proxy server 6. Honeypot 7. VPN (Virtual Private Network) server
  • 47. A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers. A honeypot is valuable as a surveillance and early-warning tool.
  • 48. While it is often a computer, a honeypot can take other forms, such as files or data records, or even unused IP address space. A honeypot that masquerades as an open proxy to monitor and record those using the system is a sugarcane. Honeypots should have no production value, and hence should not see any legitimate traffic or activity.
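Added example (not from the slides): the early-warning property of slides 47 and 48 turned into detection logic. Because decoy addresses have no production value, any flow to them is an alert, and a source that touches several decoys in a row looks like a sweep. The flow-log format, the decoy ranges (10.9.0.0/16 as unused address space, 10.0.0.250 as a decoy host) and the sample log lines are all constructed for this example.

```python
import re
from collections import Counter
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

# Constructed for this example: 10.9.0.0/16 is unused address space that a honeypot
# answers for, and 10.0.0.250 is a decoy host on the production segment. Neither has
# any production role, so no legitimate traffic should ever be addressed to them.
DECOY_SPACE: List[IPv4Network] = [ip_network("10.9.0.0/16"), ip_network("10.0.0.250/32")]

# Constructed flow-record format: "<timestamp> src=A dst=B proto=P dport=N"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_flow(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one flow record, or None for lines that are not flow records."""
    m = FLOW_RE.match(line.strip())
    return m.groupdict() if m else None


def is_decoy(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in DECOY_SPACE)


def honeypot_alerts(lines: List[str]) -> List[Dict[str, str]]:
    """Every flow whose destination lies in decoy space is an alert."""
    alerts: List[Dict[str, str]] = []
    for line in lines:
        flow = parse_flow(line)
        if flow and is_decoy(flow["dst"]):
            alerts.append(flow)
    return alerts


def sources_touching_decoys(alerts: List[Dict[str, str]]) -> Dict[str, int]:
    """Count alerts per source address; several hits from one source suggest a sweep."""
    return dict(Counter(a["src"] for a in alerts))


# Constructed sample log: two normal flows, three flows into decoy space, one junk line.
SAMPLE_LOG: List[str] = [
    "2024-01-01T10:00:01Z src=10.0.0.31 dst=10.0.0.10 proto=tcp dport=443",
    "2024-01-01T10:00:02Z src=10.0.0.77 dst=10.9.3.7 proto=tcp dport=22",
    "2024-01-01T10:00:03Z src=10.0.0.77 dst=10.9.3.8 proto=tcp dport=22",
    "2024-01-01T10:00:04Z src=10.0.0.31 dst=10.0.0.250 proto=tcp dport=445",
    "2024-01-01T10:00:05Z src=10.0.0.31 dst=10.0.0.20 proto=udp dport=53",
    "this line is not a flow record",
]


if __name__ == "__main__":
    found = honeypot_alerts(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a['ts']} {a['src']} -> {a['dst']}:{a['dport']}/{a['proto']}")
    print("per-source:", sources_touching_decoys(found))
```

Decoy traffic is high-signal precisely because the slides' rule holds: if a decoy ever receives legitimate traffic (a misconfigured scanner, a stale DNS entry), it has acquired production value and the alert list fills with noise, so the decoy inventory needs the same change control as any other asset list.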
  • 51. Policies and procedures are important components of a good security program and the management of policies across computer systems is equally important. With a policy management system, an organization can be made aware of any system that does not conform to policy. Policy management may not take into account vulnerabilities in systems or misconfigurations in application software; either of these may lead to a successful penetration. Policy management on computer systems also does not guarantee that users will not write down their passwords or give their passwords to unauthorized individuals.
  • 52. Assessing computer systems for vulnerabilities is an important part of a good security program. Such assessment will help an organization to identify potential entry points for intruders. Vulnerability assessment will not protect your computer systems. Each vulnerability must be fixed after it is identified. Vulnerability assessment will not detect legitimate users who may have inappropriate access nor will it detect an intruder who is already in your systems.
  • 55. Encryption is the primary mechanism for communications security. It will certainly protect information in transit. Encryption might even protect information that is in storage by encrypting files. However, legitimate users must have access to these files. The encryption system will not differentiate between legitimate and illegitimate users if both present the same keys to the encryption algorithm. Therefore, encryption by itself will not provide security. There must also be controls on the encryption keys and the system as a whole.
  • 58. Patch management is an area of systems management that involves: acquiring, testing, and installing multiple patches (code changes) to an  administered computer system. Effective patch management is the first line of defense for networks of any size.  Patch management is an important part of every IT administrator's responsibility. 
  • 59. To maintain a secure network, one must ensure that the latest security patches and operating system service packs are installed network-wide.  Patch management software also plays a part in adhering to the most recent compliance regulations such as the Sarbanes-Oxley Act and HIPAA, which  require enterprises to maintain control of their information assets.
  • 60. Effective patch management involves not only the discovery of software vulnerabilities but also the subsequent patch deployment to the multiple computers on the network. IT administrators understand the effects that unpatched computers can have on a network. Because they also fully recognize the challenge of ensuring network-wide protection, an easy-to-administer patch management solution has quickly become the tool of choice for IT administrators.
  • 61. A number of products are available to automate patch management tasks. Like its real-world counterpart, a patch is a "make-do" fix rather than an elegant solution. Patches are sometimes ineffective, and can sometimes cause more problems than they fix.
  • 62. System administrators take simple steps to avoid problems, such as performing backups and testing patches on non-critical systems prior to installation. Security patch management is patch management with a focus on reducing security vulnerabilities. It should not be a defensive procedure carried out only in reaction to critical incidents.
  • 64. Patch Deployment Cycle:
    - Detect: Use patch management software to scan for missing security patches. Detection should be automated and should trigger the patch management process.
    - Acquire: If the vulnerability is not addressed by the security measures already in place, download the patch for testing.
    - Test: Install the patch on a realistic operational environment to ensure that the security fixes are suitable and do not compromise your system.
    - Deploy: Allow patch deployment to the other computers on the network. Review this deployment to ensure its success with minimum impact on system users.
    - Maintain: Subscribe to notifications that alert you to vulnerabilities as they are reported. Once a new security patch is available, the process is started again.
  • 65. Patch Management tasks include: 1. Maintaining current knowledge of available patches. 2. Deciding what patches are appropriate for particular systems. 3. Ensuring that patches are installed properly, and testing systems after installation. 4. Documenting all associated procedures, such as specific configurations required.
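The Detect step of the deployment cycle and the "decide which patches fit which systems" task above can be expressed as a small compliance check. This is an added example, not code from the slides or from any product listed in the deck; the host names, roles and KB-xxxx patch identifiers are constructed placeholders, and a patch only reaches production hosts once it is installed on every test host and has passed the Test step.

```python
"""Detect step of the patch deployment cycle, plus a staged Deploy step.

Added example, not from the original slides. Host names and KB-xxxx
patch identifiers are constructed placeholders."""


def detect_missing(inventory, required):
    """Return {host: sorted missing patch ids} for non-compliant hosts only."""
    return {host: sorted(required - installed)
            for host, (_, installed) in inventory.items()
            if not required <= installed}


def plan_deployment(inventory, required, tested_ok):
    """Stage the Deploy step: test hosts get every missing patch at once;
    a production host gets a patch only after it is installed on every
    test host and has been marked as tested OK. Anything else is blocked."""
    missing = detect_missing(inventory, required)
    test_hosts = [h for h, (role, _) in inventory.items() if role == "test"]
    plan = {"test": {}, "production": {}, "blocked": {}}
    for host, patches in missing.items():
        role = inventory[host][0]
        for kb in patches:
            on_all_test = all(kb in inventory[t][1] for t in test_hosts)
            if role == "test":
                stage = "test"
            elif on_all_test and kb in tested_ok:
                stage = "production"
            else:
                stage = "blocked"
            plan[stage].setdefault(host, []).append(kb)
    return plan


# Constructed inventory: host -> (role, set of installed patch ids).
INVENTORY = {
    "test-web01": ("test", {"KB-0001", "KB-0002"}),
    "prod-web01": ("production", {"KB-0001"}),
    "prod-db01": ("production", {"KB-0001", "KB-0002", "KB-0003"}),
}
# Constructed baseline: patches that policy requires on every host.
REQUIRED = {"KB-0001", "KB-0002", "KB-0003"}
# Patches that have already passed the Test step (constructed).
TESTED_OK = {"KB-0002"}

if __name__ == "__main__":
    for stage, hosts in plan_deployment(INVENTORY, REQUIRED, TESTED_OK).items():
        print(stage, hosts)
```

In the sample, prod-db01 is compliant, KB-0002 is cleared for prod-web01, and KB-0003 stays blocked for production until the test host has it and it is marked tested.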
  • 66. Patch Management Solutions: 1. http://technet.microsoft.com/en-us/wsus/default.aspx 2. http://www.shavlik.com 3. http://www.kaseya.com 4. http://www.symantec.com 5. http://www.ecora.com 6. http://www.lumension.com 7. http://www.gfi.com 8. http://www.landesk.com 9. http://www.manageengine.com 10. http://www.everdream.com
  • 70. OS Hardening is the process of addressing security weaknesses in operating systems by implementing the latest OS patches, hotfixes and updates and following procedures and policies to reduce attacks and system downtime. The idea of OS hardening is to minimize a computer's exposure to current and future threats by fully configuring the operating system and removing unnecessary applications.
  • 71. Incident handling is a generalized term that refers to the response by a person or organization to an attack.  An organized and careful reaction to an incident can mean the difference between complete recovery and total disaster. 
  • 72. Incident Handling Steps:
    - Preparation: Comprehensively addressing the issue of security includes methods to prevent attack as well as how to respond to a successful one.
    - Identification of Attack: The first post-attack step in incident handling is the identification of an incident. Identification of an incident becomes more difficult as the complexity of the attack grows.
    - Containment of Attack: Once an attack has been identified, steps must be taken to minimize the effects of the attack. Containment allows the user or administrator to protect other systems and networks from the attack and limit damage.
    - Recovery and Analysis: The recovery phase allows users to assess what damage has been incurred, what information has been lost and what the post-attack status of the system is. Once the user can be assured that the attack has been contained, it is helpful to conduct an analysis of the attack.
  • 73. Case Study (Discussion). Virus Outbreak: 1. Preparation 2. Identification of the attack 3. Containment of the attack 4. Recovery & Analysis. System Compromise: 1. Preparation 2. Identification of the attack 3. Containment of the attack 4. Recovery & Analysis
  • 74. Traditionally, attackers went after servers, but there has been a shift to the client side: server-side applications have been targets since 2001 and have matured in the meantime. Attackers are now going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients. The remedy is to maintain the most current application patch levels, keep antivirus software updated, and seek out and remove unauthorized applications. Keeping authorized software to a minimum also decreases exposure.
  • 75. Application vulnerabilities exceed OS vulnerabilities
  • 76. Web Application Attacks: There are two main avenues for exploiting and compromising web servers: brute-force password guessing attacks and web application attacks. Microsoft SQL, FTP, and SSH servers are popular targets for password guessing attacks because of the access that is gained if a valid username/password pair is identified. SQL Injection, Cross-site Scripting and PHP File Include attacks continue to be the three most popular techniques used for compromising web sites. Automated tools, designed to target custom web application vulnerabilities, make it easy to discover and infect several thousand web sites.
  • 77. Windows: Conficker/Downadup. Attacks on Microsoft Windows operating systems were dominated by Conficker/Downadup worm variants. For the past six months, over 90% of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in Microsoft Security Bulletin MS08-067. Although in much smaller proportion, Sasser and Blaster, the infamous worms from 2003 and 2004, continue to infect many networks.
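Password guessing against SSH, FTP or SQL services is visible in the service's own authentication log as a burst of failures from one source, so the detection side of the slide above can be shown on a log excerpt. This is an added example, not code from the slides; the sshd log lines and the 203.0.113.x / 198.51.100.x addresses are constructed, and the threshold and window are assumptions to be tuned per environment.

```python
"""Detect brute-force password guessing against an SSH server from its
authentication log. Added example, not from the original slides; the log
lines and the 203.0.113.x / 198.51.100.x addresses are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd excerpt in syslog format (year omitted, as in auth.log).
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2
Jan 10 12:00:02 web1 sshd[2002]: Failed password for root from 203.0.113.5 port 4413 ssh2
Jan 10 12:00:03 web1 sshd[2003]: Failed password for invalid user test from 203.0.113.5 port 4414 ssh2
Jan 10 12:00:04 web1 sshd[2004]: Failed password for root from 203.0.113.5 port 4415 ssh2
Jan 10 12:00:05 web1 sshd[2005]: Failed password for invalid user oracle from 203.0.113.5 port 4416 ssh2
Jan 10 12:00:09 web1 sshd[2006]: Accepted password for alice from 198.51.100.7 port 5100 ssh2
Jan 10 12:05:00 web1 sshd[2007]: Failed password for bob from 198.51.100.7 port 5101 ssh2
Jan 10 12:45:00 web1 sshd[2008]: Failed password for bob from 198.51.100.7 port 5102 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")


def parse_failures(log_text, year=2024):
    """Return [(timestamp, source_ip, username)] for each failed login."""
    out = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # successful logins and unrelated lines are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["ip"], m["user"]))
    return out


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: sorted usernames tried} for every source with at
    least `threshold` failures inside a sliding window of `window_seconds`."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window's left edge until it spans <= window_seconds
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = sorted({u for _, u in events[start:end + 1]})
                break
    return alerts
```

With the defaults, only 203.0.113.5 is flagged (five failures in four seconds against four different accounts); bob's two failures forty minutes apart are not, which is the distinction a threshold plus time window is meant to draw.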
  • 78. Attacks on critical Microsoft vulnerabilities
  • 80. Attacks on critical Apple vulnerabilities
  • 81. Client-Side Attacks Example (Step-by-Step): Step 0: Attacker places contents on trusted site. Step 1: Client-side exploitation. Step 2: Established reverse shell backdoor using HTTPS. Step 3: Dump hashes and use pass-the-hash attack to pivot. Step 4: Pass the hash to compromise Domain Controller.
  • 82. Step 0: Attacker places contents on trusted site
  • 83. Step 1: Client-side exploitation
  • 84. Step 2: Established reverse shell backdoor using HTTPS
  • 85. Step 3: Dump hashes and use pass-the-hash attack to pivot
  • 86. Step 4: Pass the hash to compromise Domain Controller
  • 87. Ethical Hacking: A penetration test whose goal is to discover trophies throughout the network within the predetermined project time limit. Penetration Testing: A goal-oriented project whose goal is the trophy and which includes gaining privileged access by pre-conditional means.
  • 88. A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known  as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that may result from poor or improper system configuration, known  and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures.
  • 89. Analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities.  Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical  solution. The intent of a penetration test is to determine feasibility of an attack and the amount of business impact of a successful exploit, if discovered.   It is a component of a full security audit.
  • 90. The IT Infrastructure Threat Modeling Guide provides an easy-to-understand method for developing threat models that can help prioritize  investments in IT infrastructure security. This guide describes and considers the extensive methodology that exists for Security Development Lifecycle (SDL) threat modeling and uses it to  establish a threat modeling process for IT infrastructure.
  • 91. Primary steps of the Threat Modeling Process:
  • 92. The Threat Modeling Guide is designed to help IT professionals accomplish the following: 1. Identify threats that could affect their organizations’ IT infrastructures. 2. Discover and mitigate design and implementation issues that could put IT infrastructures at risk. 3. Prioritize budget and planning efforts to address the most significant threats. 4. Conduct security efforts for both new and existing IT infrastructure components in a more proactive and cost-effective manner.
  • 93. Dos: 1. Do choose your passwords carefully. 2. Do learn about network security. 3. Do save your work-related data on the network. 4. Do encrypt data. 5. Do utilize network virus protection software. 6. Do report any unauthorized use of your computer. 7. Do lock your workstation when you step away from your computer. 8. Do inform administrators of employee departures.
  • 94. Don’ts: 1. Don’t leave passwords around your workplace. 2. Don’t save personal or sensitive information on shared network resources. 3. Don’t open suspect e-mails. 4. Don’t leave sensitive data on your hard drive. 5. Don’t use automatic login features. 6. Network security should always be taken seriously.
  • 95. Assess Your Environment: In order to effectively secure your network environment, you must first become familiar with all of its components.
    Protect Your Network: Being part of the connected world brings many benefits as well as challenges. Any computer within your network that is connected to the Internet, directly or indirectly, is a potential risk for an attack from viruses or external attackers.
    Protect Your Servers and Clients: You should be sure to take sufficient steps to harden your core operating systems and major applications from common attacks.
    Monitor Your Environment: Monitoring and auditing are central to an organization's security efforts. We often think of monitoring as watching and waiting for an event to occur so that we can react to the situation.
  • 96. 1. Selecting a Good Anti-Virus Software 2. Testing and Evaluating Anti-Virus Software 3. Analyzing and Implementing File & Folder Permissions 4. Analyzing and Implementing Database Security 5. Analyzing Local Security Policy 6. Analyzing and Implementing Security Templates 7. Implementing Group Policy 8. Implementing Encrypted File System (EFS) 9. Implementing Disk Encryption 10. Selecting Patch Management solutions 11. Implementing Patch Management 12. Configuring IDS and Firewall 13. Analyzing IDS and Firewall Rules 14. Testing IDS and Firewall