Computer Networks/Security
This lesson introduces network security.
Objectives and Skills
Objectives and skills for the network security portion of Network+ certification include:[1]
- Compare and contrast risk related concepts
  - Disaster recovery
  - Business continuity
  - Battery backups/UPS
  - First responders
  - Data breach
  - End user awareness and training
  - Single point of failure
    - Critical nodes
    - Critical assets
    - Redundancy
  - Adherence to standards and policies
  - Vulnerability scanning
  - Penetration testing
- Compare and contrast common network vulnerabilities and threats
  - Attacks/threats
    - Denial of service
      - Distributed DoS
        - Botnet
        - Traffic spike
        - Coordinated attack
      - Reflective/amplified
        - DNS
        - NTP
        - Smurfing
      - Friendly/unintentional DoS
      - Physical attack
      - Permanent DoS
    - ARP cache poisoning
    - Packet/protocol abuse
    - Spoofing
    - Wireless
      - Evil twin
      - Rogue AP
      - War driving
      - War chalking
      - Bluejacking
      - Bluesnarfing
      - WPA/WEP/WPS attacks
    - Brute force
    - Session hijacking
    - Social engineering
    - Man-in-the-middle
    - VLAN hopping
    - Compromised system
    - Effect of malware on the network
    - Insider threat/malicious employee
    - Zero day attacks
  - Vulnerabilities
    - Unnecessary running services
    - Open ports
    - Unpatched/legacy systems
    - Unencrypted channels
    - Clear text credentials
    - Unsecure protocols
      - TELNET
      - HTTP
      - SLIP
      - FTP
      - TFTP
      - SNMPv1 and SNMPv2
    - TEMPEST/RF emanation
- Given a scenario, implement network hardening techniques
  - Anti-malware software
    - Host-based
    - Cloud/server-based
    - Network-based
  - Switch port security
    - DHCP snooping
    - ARP inspection
    - MAC address filtering
    - VLAN assignments
    - Network segmentation
  - Security policies
  - Disable unneeded network services
  - Use secure protocols
    - SSH
    - SNMPv3
    - TLS/SSL
    - SFTP
    - HTTPS
    - IPsec
  - Access lists
    - Web/content filtering
    - Port filtering
    - IP filtering
    - Implicit deny
  - Wireless security
    - WEP
    - WPA/WPA2
      - Enterprise
      - Personal
    - TKIP/AES
    - 802.1x
    - TLS/TTLS
    - MAC filtering
  - User authentication
    - CHAP/MSCHAP
    - PAP
    - EAP
    - Kerberos
    - Multifactor authentication
    - Two-factor authentication
    - Single sign-on
  - Hashes
    - MD5
    - SHA
- Compare and contrast physical security controls
  - Mantraps
  - Network closets
  - Video monitoring
    - IP cameras/CCTVs
  - Door access controls
  - Proximity readers/key fob
  - Biometrics
  - Keypad/cipher locks
  - Security guard
- Summarize basic forensic concepts
  - First responder
    - Secure the area
    - Escalate when necessary
    - Document the scene
  - eDiscovery
  - Evidence/data collection
  - Chain of custody
  - Data transport
  - Forensics report
  - Legal hold
- Given a scenario, troubleshoot and resolve common security issues
  - Misconfigured firewall
  - Misconfigured ACLs/applications
  - Malware
  - Denial of service
  - Open/closed ports
  - ICMP related issues
    - Ping of death
    - Unreachable default gateway
  - Unpatched firmware/OSs
  - Malicious users
    - Trusted
    - Untrusted users
    - Packet sniffing
  - Authentication issues
    - TACACS/RADIUS misconfigurations
    - Default passwords/settings
  - Improper access/backdoor access
  - ARP issues
  - Banner grabbing/OUI
  - Domain/local group configurations
  - Jamming
Readings
- Wikipedia: Network security and related articles.
Multimedia
- YouTube: Business Risk - CompTIA Network+ N10-006 - 3.1
- YouTube: Single Point of Failure - CompTIA Network+ N10-006 - 3.1
- YouTube: Vulnerability Scanning - CompTIA Network+ N10-006 - 3.1
- YouTube: Penetration Testing - CompTIA Network+ N10-006 - 3.1
- YouTube: Denial of Service - CompTIA Network+ N10-006 - 3.2
- YouTube: Wireless Network Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Wireless Protocol Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Brute Force Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Session Hijacking - CompTIA Network+ N10-006 - 3.2
- YouTube: Social Engineering - CompTIA Network+ N10-006 - 3.2
- YouTube: Man in the Middle Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: VLAN Hopping - CompTIA Network+ N10-006 - 3.2
- YouTube: Compromised Systems - CompTIA Network+ N10-006 - 3.2
- YouTube: Insider Threats - CompTIA Network+ N10-006 - 3.2
- YouTube: Zero-day Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Operating System Vulnerabilities - CompTIA Network+ N10-006 - 3.2
- YouTube: Anti-Malware Software - CompTIA Network+ N10-006 - 3.3
- YouTube: Switch Port Security - CompTIA Network+ N10-006 - 3.3
- YouTube: Security Policies - CompTIA Network+ N10-006 - 3.3
- YouTube: Disabling Unneeded Network Services - CompTIA Network+ N10-006 - 3.3
- YouTube: Using Secure Protocols - CompTIA Network+ N10-006 - 3.3
- YouTube: Access Lists - CompTIA Network+ N10-006 - 3.3
- YouTube: Wireless Security - CompTIA Network+ N10-006 - 3.3
- YouTube: User Authentication - CompTIA Network+ N10-006 - 3.3
- YouTube: Hashing - CompTIA Network+ N10-006 - 3.3
- YouTube: Physical Security Controls - CompTIA Network+ N10-006 - 3.4
- YouTube: Basic Forensic Concepts - CompTIA Network+ N10-006 - 3.7
- YouTube: Troubleshooting Firewall Security Issues - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Operating System Security Issues - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Denial of Service - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting ICMP and ARP - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Malicious User Activities - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Authentication Issues - CompTIA Network+ N10-006 - 4.7
Activities
- Manage user accounts, group accounts, and permissions.
  - Review HowToGeek: Windows Networking - Sharing Files and Resources.
  - Review Microsoft: Create User Account and Microsoft: Why Use a Standard User Account. Create a standard user account.
  - Review Microsoft: User Groups. Create a new group.
  - Review Microsoft: Add a User Account to a Group. Add the new user account to the new group.
  - Review Microsoft: What are Permissions? Create a new folder and set permissions on the folder so that the new group has full control of the folder. Remove all other users and groups from the folder permissions.
  - Attempt to open the folder. You should be denied access. As creator of the folder, you can still modify its permissions, but because you no longer have permission to read the folder, you cannot open it.
  - Log into the computer as the new user and attempt to open the folder. You should be able to access the folder.
  - To clean up, log in using your administrator account. Change permissions on the folder to give yourself full control. Then delete the folder. Delete the new user account and the new group account.
- Configure Password Policy and Account Lockout Policy.
  - Review Wikipedia: Password policy and Microsoft: Change Password Policy Settings.
  - Examine the password policy settings on your system and consider adding restrictions such as a minimum password length and password complexity requirements.
  - Review Microsoft: How to Configure Security Policy Settings and Microsoft: Configuring Account Lockout Policies.
  - Examine the account lockout policy settings on your system and consider adding restrictions on the account lockout threshold and account lockout duration.
- Use a network scanner to audit your network.
  - Review Wikipedia: Nmap and the Nmap documentation.
  - Download and install Nmap.
  - Review Linux.com: Audit Your Network with Zenmap.
  - Use ipconfig to display your host IP address. Based on the address displayed, use Zenmap to scan your network.
  - Based on the results of the scan, adjust any device settings necessary to reduce vulnerabilities and harden the network.
- Back up your system and restore files.
  - Review Microsoft: Back Up Files.
  - Perform a full system backup. If you don't have enough external storage space for a full backup, consider backing up important files and folders to cloud storage.
  - Restore one or more files from the backup.
- Examine physical security and risk scenarios for your network environment.
  - What physical security controls are in place for your building and your network / computer equipment?
  - What risk management practices are in place, such as disaster recovery plans, battery backup, data backup, redundancy, vulnerability scanning, and user training?
  - Are any changes necessary to improve physical security or reduce risk?
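The first activity above (a standard user, a group, and a folder that only the group can reach) can also be carried out from the command line. The following script is an added example written for this lesson; it is not part of the Wikiversity page or of the linked Microsoft articles. It assumes an elevated PowerShell session on Windows 10 / Server 2016 or later, where the LocalAccounts cmdlets (New-LocalUser, New-LocalGroup, Add-LocalGroupMember) are available; the user name `labuser`, group name `LabFolderUsers` and folder `C:\LabPermissions` are constructed for the lab.

```powershell
#Requires -RunAsAdministrator
# Added example for the "manage user accounts, group accounts, and permissions"
# activity. Not part of the lesson. Names and the folder path are constructed.

$UserName  = 'labuser'            # constructed account name
$GroupName = 'LabFolderUsers'     # constructed group name
$Folder    = 'C:\LabPermissions'  # constructed folder path

# 1. Create a standard (non-administrator) user. The password is prompted for,
#    so it never appears in the script file or the command history.
$Password = Read-Host -Prompt "Password for $UserName" -AsSecureString
New-LocalUser -Name $UserName -Password $Password -Description 'Lab standard user' | Out-Null
Add-LocalGroupMember -Group 'Users' -Member $UserName   # standard user, not Administrators

# 2. Create the group and add the user to it. Rights are granted to the group,
#    not to the user, so membership can change later without editing the ACL.
New-LocalGroup -Name $GroupName -Description 'Full control of the lab folder' | Out-Null
Add-LocalGroupMember -Group $GroupName -Member $UserName

# 3. Create the folder and replace its ACL: /inheritance:r drops the entries
#    inherited from C:\ (Administrators, SYSTEM, Users), then the group alone is
#    granted Full control that flows to files (OI) and subfolders (CI).
New-Item -ItemType Directory -Path $Folder | Out-Null
icacls $Folder /inheritance:r /grant "${GroupName}:(OI)(CI)F" | Out-Null

# Show the resulting explicit ACL; only $GroupName should be listed.
(Get-Acl -Path $Folder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# 4. As the creating administrator you still own the folder, which lets you
#    rewrite its ACL later, but without a Read entry listing it is denied.
try {
    Get-ChildItem -Path $Folder -ErrorAction Stop | Out-Null
    Write-Warning 'Unexpected: the folder was readable without an access entry.'
} catch {
    Write-Host "Access denied as $env:USERNAME ($($_.Exception.GetType().Name)), as expected."
}

# 5. Sign in as $UserName (or start a shell with: runas /user:$UserName cmd) and
#    open $Folder; group membership grants access. Then run the cleanup below
#    from the administrator session.

# Cleanup: as owner you may change the DACL, so grant yourself Full control,
# then remove the folder, the user and the group.
icacls $Folder /grant "${env:USERNAME}:F" | Out-Null
Remove-Item -Path $Folder -Recurse -Force
Remove-LocalUser  -Name $UserName
Remove-LocalGroup -Name $GroupName
```

The two points the activity is making show up in step 3 and step 4: removing inherited entries is what actually takes other users and groups off the folder (granting the group alone is not enough while inheritance is on), and ownership is separate from access, which is why the creator can repair the ACL but cannot read the folder until an access entry is added back.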