
This lesson introduces network security.

Objectives and Skills

Objectives and skills for the network security portion of Network+ certification include:[1]

  • Compare and contrast risk related concepts
    • Disaster recovery
    • Business continuity
    • Battery backups/UPS
    • First responders
    • Data breach
    • End user awareness and training
    • Single point of failure
      • Critical nodes
      • Critical assets
      • Redundancy
    • Adherence to standards and policies
    • Vulnerability scanning
    • Penetration testing
  • Compare and contrast common network vulnerabilities and threats
    • Attacks/threats
      • Denial of service
        • Distributed DoS
          • Botnet
          • Traffic spike
          • Coordinated attack
        • Reflective/amplified
          • DNS
          • NTP
          • Smurfing
        • Friendly/unintentional DoS
        • Physical attack
          • Permanent DoS
      • ARP cache poisoning
      • Packet/protocol abuse
      • Spoofing
      • Wireless
        • Evil twin
        • Rogue AP
        • War driving
        • War chalking
        • Bluejacking
        • Bluesnarfing
        • WPA/WEP/WPS attacks
      • Brute force
      • Session hijacking
      • Social engineering
      • Man-in-the-middle
      • VLAN hopping
      • Compromised system
      • Effect of malware on the network
      • Insider threat/malicious employee
      • Zero day attacks
    • Vulnerabilities
      • Unnecessary running services
      • Open ports
      • Unpatched/legacy systems
      • Unencrypted channels
      • Clear text credentials
      • Unsecure protocols
        • TELNET
        • HTTP
        • SLIP
        • FTP
        • TFTP
        • SNMPv1 and SNMPv2
      • TEMPEST/RF emanation
  • Given a scenario, implement network hardening techniques
    • Anti-malware software
      • Host-based
      • Cloud/server-based
      • Network-based
    • Switch port security
      • DHCP snooping
      • ARP inspection
      • MAC address filtering
      • VLAN assignments
        • Network segmentation
    • Security policies
    • Disable unneeded network services
    • Use secure protocols
      • SSH
      • SNMPv3
      • TLS/SSL
      • SFTP
      • HTTPS
      • IPsec
    • Access lists
      • Web/content filtering
      • Port filtering
      • IP filtering
      • Implicit deny
    • Wireless security
      • WEP
      • WPA/WPA2
        • Enterprise
        • Personal
      • TKIP/AES
      • 802.1x
      • TLS/TTLS
      • MAC filtering
    • User authentication
      • CHAP/MSCHAP
      • PAP
      • EAP
      • Kerberos
      • Multifactor authentication
      • Two-factor authentication
      • Single sign-on
    • Hashes
      • MD5
      • SHA
  • Compare and contrast physical security controls
    • Mantraps
    • Network closets
    • Video monitoring
      • IP cameras/CCTVs
    • Door access controls
    • Proximity readers/key fob
    • Biometrics
    • Keypad/cipher locks
    • Security guard
  • Summarize basic forensic concepts
    • First responder
    • Secure the area
      • Escalate when necessary
    • Document the scene
    • eDiscovery
    • Evidence/data collection
    • Chain of custody
    • Data transport
    • Forensics report
    • Legal hold
  • Given a scenario, troubleshoot and resolve common security issues
    • Misconfigured firewall
    • Misconfigured ACLs/applications
    • Malware
    • Denial of service
    • Open/closed ports
    • ICMP related issues
      • Ping of death
      • Unreachable default gateway
    • Unpatched firmware/OSs
    • Malicious users
      • Trusted
      • Untrusted users
      • Packet sniffing
    • Authentication issues
      • TACACS/RADIUS misconfigurations
      • Default passwords/settings
    • Improper access/backdoor access
    • ARP issues
    • Banner grabbing/OUI
    • Domain/local group configurations
    • Jamming

Readings

  1. Wikipedia: Network security and related articles.

Multimedia

  1. YouTube: Business Risk - CompTIA Network+ N10-006 - 3.1
  2. YouTube: Single Point of Failure - CompTIA Network+ N10-006 - 3.1
  3. YouTube: Vulnerability Scanning - CompTIA Network+ N10-006 - 3.1
  4. YouTube: Penetration Testing - CompTIA Network+ N10-006 - 3.1
  5. YouTube: Denial of Service - CompTIA Network+ N10-006 - 3.2
  6. YouTube: Wireless Network Attacks - CompTIA Network+ N10-006 - 3.2
  7. YouTube: Wireless Protocol Attacks - CompTIA Network+ N10-006 - 3.2
  8. YouTube: Brute Force Attacks - CompTIA Network+ N10-006 - 3.2
  9. YouTube: Session Hijacking - CompTIA Network+ N10-006 - 3.2
  10. YouTube: Social Engineering - CompTIA Network+ N10-006 - 3.2
  11. YouTube: Man in the Middle Attacks - CompTIA Network+ N10-006 - 3.2
  12. YouTube: VLAN Hopping - CompTIA Network+ N10-006 - 3.2
  13. YouTube: Compromised Systems - CompTIA Network+ N10-006 - 3.2
  14. YouTube: Insider Threats - CompTIA Network+ N10-006 - 3.2
  15. YouTube: Zero-day Attacks - CompTIA Network+ N10-006 - 3.2
  16. YouTube: Operating System Vulnerabilities - CompTIA Network+ N10-006 - 3.2
  17. YouTube: Anti-Malware Software - CompTIA Network+ N10-006 - 3.3
  18. YouTube: Switch Port Security - CompTIA Network+ N10-006 - 3.3
  19. YouTube: Security Policies - CompTIA Network+ N10-006 - 3.3
  20. YouTube: Disabling Unneeded Network Services - CompTIA Network+ N10-006 - 3.3
  21. YouTube: Using Secure Protocols - CompTIA Network+ N10-006 - 3.3
  22. YouTube: Access Lists - CompTIA Network+ N10-006 - 3.3
  23. YouTube: Wireless Security - CompTIA Network+ N10-006 - 3.3
  24. YouTube: User Authentication - CompTIA Network+ N10-006 - 3.3
  25. YouTube: Hashing - CompTIA Network+ N10-006 - 3.3
  26. YouTube: Physical Security Controls - CompTIA Network+ N10-006 - 3.4
  27. YouTube: Basic Forensic Concepts - CompTIA Network+ N10-006 - 3.7
  28. YouTube: Troubleshooting Firewall Security Issues - CompTIA Network+ N10-006 - 4.7
  29. YouTube: Troubleshooting Operating System Security Issues - CompTIA Network+ N10-006 - 4.7
  30. YouTube: Troubleshooting Denial of Service - CompTIA Network+ N10-006 - 4.7
  31. YouTube: Troubleshooting ICMP and ARP - CompTIA Network+ N10-006 - 4.7
  32. YouTube: Troubleshooting Malicious User Activities - CompTIA Network+ N10-006 - 4.7
  33. YouTube: Troubleshooting Authentication Issues - CompTIA Network+ N10-006 - 4.7

Activities

  1. Manage user accounts, group accounts, and permissions.
  2. Configure Password Policy and Account Lockout Policy.
  3. Use a network scanner to audit your network.
    • Review Wikipedia: Nmap and the Nmap documentation.
    • Download and install Nmap.
    • Review Linux.com: Audit Your Network with Zenmap.
    • Use ipconfig to display your host IP address. Based on the address displayed, use Zenmap to scan your network.
    • Based on the results of the scan, adjust any device settings necessary to reduce vulnerabilities and harden the network.
  4. Back up your system and restore files.
    • Review Microsoft: Back Up Files.
    • Perform a full system backup. If you don't have enough external storage space for a full backup, consider backing up important files and folders to cloud storage.
    • Restore one or more files from the backup.
  5. Examine physical security and risk scenarios for your network environment.
    • What physical security controls are in place for your building and your network / computer equipment?
    • What risk management practices are in place, such as disaster recovery plans, battery backup, data backup, redundancy, vulnerability scanning, and user training?
    • Are any changes necessary to improve physical security or reduce risk?
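The network-audit activity above ends with "adjust any device settings necessary to reduce vulnerabilities". The script below, added here as an illustration and not part of the Wikiversity lesson, shows one way to turn a scan into an action list: it parses Nmap's grepable output (the `-oG` format) and flags open ports that correspond to the unsecure protocols listed in the objectives (TELNET, HTTP, FTP, TFTP, SNMPv1/v2), pairing each with the secure replacement from the hardening objectives (SSH, HTTPS, SFTP, SNMPv3). The scan text is a constructed sample, not a real scan result, and the port-to-protocol mapping is an assumption: a service on a non-standard port is not caught, and port 161 alone does not tell you which SNMP version is in use, so that finding asks you to verify.

```python
"""Flag unsecure protocols in Nmap grepable (-oG) scan output.

Added example for the network-audit activity; not code from the lesson.
"""
import re
from dataclasses import dataclass

# Constructed sample of `nmap -oG` output for three hosts (not a real scan).
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (996)
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 21/open/tcp//ftp///, 69/open/udp//tftp///, 161/open/udp//snmp///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (995)
Host: 192.168.1.30 ()\tStatus: Up
Host: 192.168.1.30 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
# Nmap done
"""

# Assumed mapping: well-known port -> (unsecure protocol from the objectives,
# secure replacement from the hardening objectives). Heuristic only.
UNSECURE = {
    (23, "tcp"): ("TELNET", "SSH"),
    (80, "tcp"): ("HTTP", "HTTPS (TLS)"),
    (21, "tcp"): ("FTP", "SFTP"),
    (69, "udp"): ("TFTP", "SFTP, or disable if unneeded"),
    (161, "udp"): ("SNMP (verify v1/v2 vs v3)", "SNMPv3"),
}

@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    proto: str
    protocol_name: str
    recommendation: str

# One -oG port entry looks like: port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")

def parse_open_ports(grepable: str):
    """Yield (host, port, proto, service) for every open port in -oG text."""
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports field runs up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m and m.group(2) == "open":
                yield host, int(m.group(1)), m.group(3), m.group(4)

def audit(grepable: str) -> list:
    """Return a Finding for each open port that carries an unsecure protocol."""
    findings = []
    for host, port, proto, _service in parse_open_ports(grepable):
        if (port, proto) in UNSECURE:
            name, fix = UNSECURE[(port, proto)]
            findings.append(Finding(host, port, proto, name,
                                    f"disable or replace with {fix}"))
    return findings

def report(grepable: str) -> str:
    """Render findings grouped by host; hosts without findings are listed as clean."""
    by_host: dict = {}
    for host, *_ in parse_open_ports(grepable):
        by_host.setdefault(host, [])
    for f in audit(grepable):
        by_host[f.host].append(f)
    lines = []
    for host, items in by_host.items():
        if not items:
            lines.append(f"{host}: no unsecure protocols found")
            continue
        for f in items:
            lines.append(f"{host}: {f.port}/{f.proto} {f.protocol_name} -> {f.recommendation}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Replace SAMPLE_SCAN with open("scan.gnmap").read() after running
    # `nmap -sS -sU -p 21,22,23,69,80,161,443 -oG scan.gnmap <your-range>`.
    print(report(SAMPLE_SCAN))
```

Run against a real `-oG` file produced from your own network range; each finding maps directly to a "use secure protocols" or "disable unneeded network services" change on the device in question.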

Lesson Summary

Key Terms

See Also

References

This article is issued from Wikiversity. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.