1. 1
MODULE 1
UNDERSTANDING SECURITY LAYERS:-
Understanding Core Security Principles:-
When we are working with information security field we will go through the
word CIA (confidentiality, integrity and availability)
1. CONFIDENTIALITY:- It defines as a characteristic ensuring access is
restricted to only permited user, application or computer system.
2. INTEGRITY: - Consistency and accuracy and validity of data &
information is known as integrity. One of the goal of a successful
information is to secure your information i.e. data should be protect
against unauthorized changes.
3. AVAILABILITY: - It defines resources being accessible to a user,
application or computer system when required.
Fig.1.1 Core SecurityPrinciples
2. 2
THREAT:-
It is defined as unauthorized access to the resource. We have 2 types of
threats:-
• PHYSICAL THREAT :- Damage to resources, which is physical e.g.
Burn hard disk
• LOGICAL THREAT :-Other way of damaging resource. Again it is
classified into 2 categories-
o Accidental Threat:- e.g. natural disaster like fire accident, electrical
short circuits.
o Delibrate Threat:-It is related to exploitation of system security e.g.
hacking , spams, worms etc.
RISK MANAGEMENT:-
Defines process ofidentifying, accessing and prioritizing risks and threats
e.g. backup servers.
Risk assessmentinclude four categories:-
i. Risk avoidance: - It is a process ofeliminating a risk by choosing not
to engage in any action or activity.
ii. Risk acceptance: - It defines the act of identifying and then making the
decision to acceptthe risk and impact of a specific risk.
iii. Risk mitigation: - It is defined as chances of reducing the risk on
impact of a risk to a particular level.
iv. Risk transfer: - It defines the act of taking steps to move responsibility
of a risk to a third part.
Understanding Attack Surfaces: -
An attack surface consists of set of methods an attacker can use to enter a
system and potentially cause damage to the system. To calculate the attack
surface of an environment it is evaluated into 3 components: -
i. Application
ii. Network
iii. Internal attack (or system)
3. 3
Application Attack Evaluating:-
When evaluating the application attack, you need to concentrate on the
following things: -
a) The amount of codeof an application
b) The no. of data input to an application
c) The no. of running services
Network Surface Evaluation: -
a) Network design and Architecture
b) Placement and rule sets of firewall
c) Other security concerns like VPN
Internal/employee Evaluation: -
a) The potential for human errors
b) The risk of malicious software and social engineering
SOCIAL ENGINEERING:-
It is a method used to gain access to data, systems, or networks primarily
through misrepresentation. These attacks can either by a person, email or
phones. To avoid social engineering attacks be suspicious to phone calls,
emails, etc.even verify identity.
Fig.1.2 SocialEngineering
4. 4
SITE SECURITY:-
It is a specialized area of security discipline where access controlis the
key conceptwhen thinking aboutphysical security. This site security is
designed may include the following:-
a) Authentication
b) Access control
c) Auditing
Physicalpremises are divided into 3 logicalareas:-
i. External parameter:-
External parameter uses security cameras and parameter fencing and
entry gates protected with guards and even gates with access card
reader.
ii. Internal parameter: -
Server wracks locking, keypad locking, security cameras, badge readers.
iii. Secure areas: -
• Highly protected
• Keypads
• Biometric technologies like finger or retina scanners and voice
recognition system.
Understanding Computer Security:-
It consists of the process,procedures and technologies used to protect
computer system e.g. computer security cable, docking stations, laptop
security cables, theft recovery software and laptop alarms. You can also
protect using key loggers. Using key loggers you can protect the key
strokes and also to install a software that records your complete video.
5. 5
MODULE 2
UNDERSTANDING OS SECURITY: -
Active Directory:-
It is a technology created by Microsoft in order to do centralized management of
entire enterprise network. This active directory includes different network
services such as-
a) LDAP(Light Weight DirectoryAccess Protocol):
It is an application protocolused for quering and modifying data using
directory services over TCP/IP. In active directory everything is arranged in
hierarchical order so that we can easily find the objects of structure.
b) SSO(Single SignOn):
This protocolprovides to log once and access multiple related but i
independent software systems without having to login again.
Domain Controller:
It is nothing but a window server that stores a replica of the accounts and
security information of a domain and also define domain boundaries .When we
install active directory services in 2008, 2012 it becomes domain
controller.Example-abc.com.
DC PROMOSS:
It is a command used to promoteserver to DC .When we install active directory
several MMC (Microsoft Management Console) and see different option that
are:
1. Active directory uses end computers
2. Active directory domains and services
3. Active directory administrative centre
4. Active directory sites and services.
6. 6
To identify a system is working in workgroup or domain check the properties
of my computer.
Terminology of Active Directory:
Parent Domain: First domain controller of your enterprise network .Example-
sun.com
Child Domain: apparent domain can have multiple child domains and it is
hierarchical structure.
Tree:combination of parent domain and child domains and its structure.
Forest:combination of multiple domains.example-sun.com,sun.net etc.
Site : dividing the domain based on the geographical area.
OU (Organisationalunits): It is used to divide the network into small groups
for administration .example-account department.
Users:aperson who have access to network resources.
Groups: Collection of users with similar properties
Compilers: A PC which has the access towards the active directory.
Fig.2.1 Active Directory
7. 7
User Category:
a) Local User Account: authentication is done local data base.
b) Global User Account or Domain User Account: authentication is done on
active directory.
GROUPS:
1. Security Groups: To assign rights and permissions to access resources.
2. Distribution Groups: these are non security groups.
GROUP SCOPE:
1. GlobalGroups: can be on any domain no limitation.
2. Universal Groups: a user of one domain can login on other domain
.Multiple domain functionality.
3. Domain Groups: Present on in any domain forest.
Built In Groups:
These groups are created automatically by the active directory.
Domain Admins: This group has computer administrator capatilty.
Domain Users : It is a default user group.
Account Operators: Users belongs to this group can create, modify, delete user
accounts but they do not have administrative rights.
BackupOperators: It provides rights to take the backup over network.
Authenticated User: Everyone
8. 8
MODULE 3
UNDERSTANDING SECURITY POLICIES:
Password Policies:
Password policies defines strong password and how user configure password
.Strong password can be determined by looking at the password length,
complexity and randomness. Microsoft provides number of controls that can
be used to ensure password security.
Password Complexity:
Different combination (upper caseto lower case plus numeric and special
symbols).
Password Length:
Microsoft by default its prompts up character for security concern .You can
define up to 14 characters.
Password History:
Set provides cache for the passwordscontent.
Time between Password Changes:
It defines time interval to change password frequently .example-email ,hosts
to server, database.
Account Lockout Policies:
It defines number of encrypt logon attempts permitted before a system lock
an account .
9. 9
Review Of password policies settings:
1. Go to start
2. Administrative servers
3. Local security policy
4. Expand this option
5.Two option:
a) Password policy:
1. Enforce password history
2. Maximum password age
3. Minimum password age
4. Password must need complexity requirements
5. Password encryption (enable)
Fig.3.1 PasswordPolicy
10. 10
b) Account policy:
1. Account lockout duration
2. Account lockout inreshold (for invalid login attempts)
3. Reset account lockout
Fig.3.2 AccountLockoutPolicy
GPO (Group policy Objects):
It is a set of rules that allow an administrator granular control over the
configuration of objects in active directory like users, computers, printers,
applications etc.
11. 11
Configure GPO:
Starts program ->administrative tools->active directory users to computers -
>window opens->expand the domain->right click ->click on properties ->click
on group policy tab->click on new ->enter the name of policy->close.
In order to make this policy as first priority to set priority go to group policy
tab->move the policy upset.
Understanding Common Attacks methods:
1. Dictionary Attack
2. Brute Forceattack
3. Physical attack using software and passwordskey lockers
4. Examining linked password
5. Cracked Password .Example- ophackline CD, giron CD)
6. Examining network and wireless password through shiffers.
7. Guest password login
12. 12
MODULE 4
UNDERSTANDING SECURITY SOFTWARE:-
Classification of DMZ: -
1. Sandwich DMZ: - We have inner and outer firewall and network is
protected with these 2 firewalls.
Fig.4.1 SandwichDMZ
2. Single firewall DMZ: - which protects internal network and parameter
network and internet cloud.
Fig.4.2 Single FirewallDMZ
13. 13
NAT(network address translation) : -
Technique used to modify network address information of a host while
traffic is travelling through a router or firewall. This NAT hides the network
information of private network while still permitting the traffic across a
public network.
ClassificationofNAT: -
1. Static NAT: -It maps an unregistered IP address on a public network to a
registered IP address on a public network using 1 to 1 base.
2. Dynamic NAT:- It maps an unregistered IP address on a private network
to a registered IP address that is selected by router device.
IP SECURITY: -
Benefits are: -
i. Access Control
ii. Data Authentication
iii. Replay Detection and Rejection
iv. Confidentiality using encryption
Components of IP security: -
i. AH(Authentication Header)
ii. ESP (Encapsulating Security Payload)
iii. IKE (Internet Key Exchange)
IP Security canbe used in 2 different modes:-
i. TransportMode i.e. host to host
ii. Tunnel Mode i.e. Gateway to hostor gateway to gateway
14. 14
SSH (Secure Shell) : -
Secure Shell is a program to log into another computer over a network, to
execute commands in a remote machine, and to move files from one
machine to another. It provides strong authenticationand secure
communications over insecure channels.
SSH protects a network from attacks such as IP
spoofing, IP sourcerouting, and DNS was spoofing. An attacker who has
managed to take over a network can only force SSH to disconnect. He or
she cannot play back the traffic or hijack the connection
when encryptions enabled.
COMMON NETWORKATTACK METHODS :-
i. DOS (Deny of Services)
ii. DDOS (Distributed DOS)
iii. IP Spoofing
iv. Middle Attack
v. BackdoorAttack
vi. DNS poisoning
vii. Replay Attack
viii. Weak Encryption Keys
ix. Social engineering
x. Software Attack
xi. Buffer Overflow Attack
xii. Remote CodeExecution Attack
xiii. SQL injection Attack
xiv. Cross-siteScripting Attack
Security Wireless Networks :-
Wireless networks basic components is SSID i.e. service set identity.
Using net stumbles utility you can scan SSID’S of your wireless
networks.
Protecting or Securing Wireless networks : -
i. Chooseyour own SSID
ii. Use own naming conventions for your devices
15. 15
Techniques used for securing wireless networks: -
i. WEP (While equivalent privacy)
ii. WAP (Wireless protection Action)
Connecting a wireless device involves 4 steps : -
i. Initialization
ii. Initiation
iii. Negotiation
iv. Authentication
PROTECTING THE SERVER AND CLIENT: -
Malicious Software:-
Also called as Malware . This software is designed to affect a computer
system without owners information concern. This malware is usually
associated with viruses, worms, trozen , spyware, route kits, Dishonest
Adwares.
Malware Categories:- These are classified based on damaged costto
your system.
Virus: - replication of files
To protect this virus we have antivirus software programs.
Virus Symptoms:-
i. Virus affects on CMOS and BIOS ROM : - You will get display
problem.
ii. Memory Resident Virus: - Memory related issues
iii. Booting Virus
iv. Partition or volume Virus :- Delete all partition
v. File Virus: - Modify the content, increase and decrease file size and
replicate the files.
vi. Software errors
vii. Problem related to hardware devices
16. 16
viii. Network connectivity problems
ix. Corrupted files
x. Abnormal Error messages
xi. Blue Screen Errors
xii. Missing files
To avoid virus of malware you should follow these steps: -
1. Don’t install unknown software/unlicensed software.
2. Don’t open strange email.
3. Don’t click on hyperlinks which provides free services
4. Don’t visit to survey websites
5. Don’t install freeware software
WINDOWS UPDATE: -
It is a process ofincluding fix, patches, service packs, updating device
drivers. To run it go to controlpanel -> open windows -> click on update
now.
Fig.4.3 Windows Update
17. 17
3 Types of UPDATES: -
i. Important Updates
ii. Recommended Updates
iii. Optional Updates
With the concernwith issues window update candeliver the
following: -
i. Security Update (related to antiviruses)
ii. Critical Updates (errors or bugs related to system)
iii. Service Packs (adds features to OS)
PHISHING AND PHARMING:-
Phishing: -
Phishing is a technique to attack individual using fake websites or fake
data and collecting personal information and attempting to cause a threat.
Done by using Social Engineering methods e.g. collecting Gmail or
Facebookdata.
Pharming: -
Pharming is technique aimed website traffic to a fake website.
PROTECTING SERVER: -
i. Placing the server : - related to physical location
ii. Hardening the server: - implementing firewalls, security services,
and antivirus protection.
iii. Disaster Solution
MBSA (Microsoft Base Line Security Analyzer): -It is a tool
you can check missing security updates and other security components
18. 18
CONCLUSION
The computer provides a great accuracy, speed and increasing volume of data
which accelerate the work of that department .Computer is a central element in
an organization, despite the fact that the computer is nothing more than a tool
for processing data, but its real role is to provide information for decision and
for planning and controlling operation.In present world, life is going very fast
and everybody wants a good and correct implementation in very short time.
Along with this everyone needs security against various attacks and thus
security tools are developed in order to save one’s identity and data.