CS29 Modules 1 4

MODULE 1

SECURITY FUNDAMENTALS
SUBTOPIC 1
INFORMATION SECURITY CYCLE
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define Information Security and its goals;
▪ Demonstrate the abstract view of the components of a goal of security;
▪ Enumerate the types of risks, threats, vulnerability, intrusion and attacks;
▪ Explain the Information Security Controls;
▪ Discuss Security Management Process;
▪ Give different aspects of CIA Triad.
What Is Information Security?

Information Security is the state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this.
What to Protect

(Figure: the assets to protect are data and resources.)
Goals of Security

• Prevention
• Detection
• Recovery
A fundamental understanding of the standard concepts of security is
essential before people can start securing their environment.
Risk

(Figure: an example risk, disgruntled former employees posing a threat of improper access; likelihood: rare, damage: moderate.)

A risk is generally defined as the probability that an event will occur.


Threats

Threats may be intentional or unintentional.

(Figure: information security threats include changes to information, interruption of services, interruption of access, damage to hardware, and damage to facilities.)

A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
Vulnerability

(Figure: an attacker reaches an information system through an unsecured router.)

A vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.
Intrusion

Intrusions often involve stealing valuable resources and almost always jeopardize the security of the systems and/or their data.
Attacks

To attack is to set upon in a forceful, violent, hostile, or aggressive way, with or without a weapon.

Categories of attacks:
• Software-based attacks
• Physical security attacks
• Social engineering attacks
• Web application-based attacks
• Network-based attacks
Security Controls

• Controls are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks.

(Figure: prevention controls, detection controls, and correction controls.)

Security Management Process
CIA Triad

(Figure: the CIA Triad of confidentiality, integrity, and availability.)

The CIA Triad is a well-known, venerable model for the development of security policies used in identifying problem areas, along with necessary solutions in the arena of information security.
Confidentiality

CONFIDENTIALITY is a concept we deal with frequently in real life. We expect our doctor to keep our medical records confidential.
There are several technologies that support confidentiality in an enterprise security implementation. These include the following:

❑Strong encryption
❑Strong authentication
❑Stringent access controls
Integrity

We define INTEGRITY in the information security context as the consistency, accuracy, and validity of data or information.
Availability

AVAILABILITY is the third core security principle, and it is defined as a characteristic of a resource being accessible to a user, application, or computer system when required.
• CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, Paperback – October 12, 2017, by Darril Gibson
• CompTIA Security+ SY0-501 Cert Guide (4th Edition) (Certification Guide), David L. Prowse (2018)
• CompTIA Security+ Study Guide: Exam SY0-501, 7th Edition, by Emmett Dulaney (Author), Chuck Easttom (Author)
MODULE 1
SECURITY FUNDAMENTALS
SUBTOPIC 2

AUTHENTICATION METHODS AND CRYPTOGRAPHY FUNDAMENTALS
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define cryptography;
▪ Discuss encryption and decryption;
▪ Discuss the concepts of steganography and digital signatures;
▪ Explain the process concept of authentication methods;
▪ Describe different states of authentication;
▪ Discuss common security practices.
Identification

Identification is defined as the act of determining who someone or what something is.
Authentication

Authentication is the process of verifying the identity of a person or device.

Authentication Factors
❑Something you are
✓Fingerprints, handprints, or retinal patterns
❑Something you have
✓Key or ID card
❑Something you know
✓Password or PIN
❑Somewhere you are or are not
✓IP address or GPS
❑Something you do
✓Keystroke patterns
Authorization

AUTHORIZATION is the process of giving individuals access to system objects based on their identity.
Non-repudiation

Non-repudiation is the assurance that someone cannot deny the validity of something.
Access Control
• Determining and assigning privileges to resources, objects, or data.
• Manages authorization.
Access Control Models

❑Mandatory Access Control (MAC)
❑Discretionary Access Control (DAC)
❑Role-Based Access Control (RBAC)
❑Rule-Based Access Control
Accounting and Auditing

• The process of tracking and recording system activities and resource access.
Common Security Practices

❑Implicit deny
❑Least privilege
❑Separation of duties
❑Job rotation
❑Mandatory vacation
❑Time of day restrictions
❑Privilege management
Implicit Deny

(Figure: default deny; read access granted, write access denied.)

An implicit deny denies a permission until the user or group is explicitly allowed to perform it.
Least Privilege

(Figure: four users; data entry clerks perform their jobs with fewer privileges, financial coordinators perform their jobs with more privileges.)

LEAST PRIVILEGE is a security discipline that requires that a user, system, or application be given no more privilege than necessary to perform its function or job.
Separation of Duties

(Figure: backup, audit, and restore duties.)

SEPARATION OF DUTIES is a principle that prevents any single person or entity from being able to have full access or complete all the functions of a critical or sensitive process.
Job Rotation

(Figure: employees rotate through backup, audit, access control, firewall, and restore duties.)

JOB ROTATION is a concept that has employees rotate through different jobs to learn the procedures and processes in each.
Mandatory Vacation

MANDATORY VACATIONS policies require employees to take time away from their job.
Time of Day Restrictions

TIME OF DAY RESTRICTIONS limit when users can access specific systems based on the time of day or week.
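The common security practices above (implicit deny, least privilege through roles, and time-of-day restrictions) combined into one access check. This is an added example, not part of the course slides; the role names, resources, and working hours are constructed for illustration.

```python
from datetime import datetime

# Role -> resource -> actions granted. Anything absent from this table is
# implicitly denied, and each role carries only the rights its job needs.
ROLE_PERMISSIONS = {
    "data_entry_clerk": {"customer_records": {"read", "write"}},
    "financial_coordinator": {
        "customer_records": {"read"},
        "ledger": {"read", "write", "approve"},
    },
    "auditor": {"ledger": {"read"}, "audit_log": {"read"}},
}

# Time-of-day restrictions (constructed): permitted hours (start inclusive,
# end exclusive) and weekdays (0 = Monday). Roles missing here are unrestricted.
TIME_WINDOWS = {
    "data_entry_clerk": {"hours": (8, 18), "weekdays": {0, 1, 2, 3, 4}},
}


def within_window(role: str, when: datetime) -> bool:
    """True when the role has no time restriction or the request falls inside it."""
    window = TIME_WINDOWS.get(role)
    if window is None:
        return True
    start, end = window["hours"]
    return start <= when.hour < end and when.weekday() in window["weekdays"]


def decide(role: str, resource: str, action: str, when: datetime) -> tuple[bool, str]:
    """Default deny: only a positive match on every check yields 'allow'."""
    if role not in ROLE_PERMISSIONS:
        return False, "deny: unknown role"
    if not within_window(role, when):
        return False, "deny: outside permitted hours"
    granted = ROLE_PERMISSIONS[role].get(resource)
    if granted is None:
        return False, "deny: no grant for this resource"
    if action not in granted:
        return False, "deny: action not granted"
    return True, "allow"


def check(role: str, resource: str, action: str, when_iso: str) -> str:
    """Convenience wrapper taking an ISO 8601 timestamp; returns the decision text."""
    return decide(role, resource, action, datetime.fromisoformat(when_iso))[1]
```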
Security Tokens

(Figure: a token combines a unique value, a PIN, and user password information.)

A security token (or sometimes a hardware token, hard token, authentication token, USB token, cryptographic token, or key fob) is a physical device that an authorized user of computer services is given to ease authentication.
Biometrics
❑Fingerprint scanner
❑Retinal scanner
❑Hand geometry scanner
❑Voice-recognition software
❑Facial-recognition software

Biometrics is an authentication method that identifies and recognizes people based on voice recognition or physical traits such as a fingerprint, face recognition, iris recognition, and retina scan.
Keystroke Authentication

(Figure: keystroke pattern detector.)

Keystroke dynamics has been used to strengthen password-based user authentication systems by considering the typing characteristics of legitimate users.
Multifactor Authentication

(Figure: a password combined with an ID card.)

When two or more authentication methods are used to authenticate someone, a multifactor authentication system is being implemented.
Cryptography

Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it.
Encryption and Decryption

(Figure: plaintext → encryption → ciphertext; ciphertext → decryption → plaintext.)

Encryption is a process which transforms the original information into an unrecognizable form.
Decryption is a process of converting encoded/encrypted data into a form that is readable and understood by a human or a computer.
Ciphers

(Figure: original information → cipher → encrypted information.)

A cipher is a system of writing that prevents most people from understanding the message.
Cipher Types: Stream Cipher

(Figure: plaintext → cipher → ciphertext.)

Stream ciphers create an arbitrarily long stream of key material, which is combined with plain text bit-by-bit or character-by-character.
Block Cipher

(Figure: plaintext block → block cipher → ciphertext block.)

A block cipher takes a block of plain text and a key, and outputs a block of ciphertext of the same size.
Steganography

(Figure: a vessel image combined with secret data yields a steganographic image.)

Steganographic techniques include:
• Hiding information in blocks.
• Hiding information within images.
• Invisibly altering the structure of a digital image.

Steganography is the art and science of hiding information by embedding messages within other, seemingly harmless messages.
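The "hiding information within images" technique above, worked through as least-significant-bit embedding. This is an added example, not from the slides; the vessel image is a constructed list of 8-bit grey pixel values rather than a real image file, and the 16-bit length prefix is a format chosen here.

```python
def embed(pixels: list[int], secret: bytes) -> list[int]:
    """Write a 16-bit length prefix followed by the secret into the lowest bit
    of successive pixels. Each pixel changes by at most 1, so the image looks
    unchanged to a viewer."""
    payload = len(secret).to_bytes(2, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("vessel image too small for the secret")
    out = list(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the low bit, then set it to the message bit
    return out


def extract(pixels: list[int]) -> bytes:
    """Reverse of embed: read the length prefix, then that many bytes of secret."""

    def read_bytes(start: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[start + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def max_pixel_change(before: list[int], after: list[int]) -> int:
    """How much any single pixel moved; LSB embedding keeps this at 0 or 1."""
    return max(abs(a - b) for a, b in zip(before, after))
```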
Types of Encryption

Encryption algorithms can be divided into three classes:
❑ Symmetric
❑ Asymmetric, and
❑ Hash function.

Symmetric and Asymmetric encryption can encrypt and decrypt data.

A Hash function can only encrypt data; that data cannot be decrypted.
Hashing Encryption

Hashing is one way to enable security during the process of message transmission when the message is intended for a particular recipient only.
Hashing Encryption Algorithms

❑MD5 - Message Digest
❑SHA - Secure Hash Algorithms
❑NTLM versions 1 and 2 - New Technology LAN Manager
❑RIPEMD - RACE Integrity Primitives Evaluation Message Digest
❑HMAC - Hash-based Message Authentication Code


Key

(Figure: original information → cipher → encrypted information, with key = two letters following.)

An encryption key is a random string of bits created explicitly for scrambling and unscrambling data.
Symmetric Encryption

(Figure: the same key on both sides encrypts and decrypts the data.)

Symmetric encryption uses a single key to encrypt and decrypt data. Therefore, it is also referred to as secret-key, single-key, shared-key, and private-key encryption.
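The stream cipher and symmetric encryption ideas above in one toy cipher: a key stream generated from the shared key is XORed with the plaintext, and the receiver undoes it with the same key. This is an added teaching example, not from the slides; the HMAC-SHA256 counter construction is assumed here for clarity, and a vetted cipher such as AES-GCM or ChaCha20-Poly1305 is what production code should use.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Arbitrarily long key material: successive HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Combine data with the key stream byte by byte. XOR is its own inverse,
    so this single function both encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Prefix a fresh random nonce so the same key never reuses a key stream."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + stream_xor(key, nonce, plaintext)


def decrypt(key: bytes, message: bytes) -> bytes:
    """The receiver holds the same key (symmetric) and reads the nonce from the message."""
    nonce, ciphertext = message[:NONCE_LEN], message[NONCE_LEN:]
    return stream_xor(key, nonce, ciphertext)
```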
Symmetric Encryption Algorithms

❑DES - Data Encryption Standard
❑3DES - Triple Data Encryption Standard
❑AES - Advanced Encryption Standard
❑Blowfish
❑Twofish
❑RC4, RC5, RC6
Asymmetric Encryption

(Figure: the public key encrypts; the private key decrypts.)

Asymmetric encryption, also known as public key cryptography, uses two mathematically related keys.
Asymmetric Encryption Techniques
❑RSA - Rivest–Shamir–Adleman
❑DH - Diffie–Hellman key exchange
❑ECC - Elliptic curve cryptography
❑DHE - Diffie–Hellman key exchange
❑ECDHE - Elliptic curve Diffie–Hellman
Key Exchange

For messages to be exchanged, the sender and receiver need the right cryptographic keys: with a symmetric cipher, the same key; with an asymmetric cipher, each other's public key.

Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm.
Digital Signatures

(Figure: the hash value computed by the receiver matches the hash value in the signature.)

DIGITAL SIGNATURE is a process that guarantees that the contents of a message have not been altered in transit.
Session Keys

(Figure: a single-use key shared between sender and receiver covers related messages; an unrelated message requires a different key.)

A SESSION KEY is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
Key Stretching

(Figure: original key → key stretching algorithm → enhanced key.)

Key stretching makes it harder to crack passwords and passphrases.

KEY STRETCHING is the practice of converting a password to a longer and more random key for cryptographic purposes such as encryption.
MODULE 1
SECURITY FUNDAMENTALS
SUBTOPIC 3

SECURITY POLICY FUNDAMENTALS

OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Explain security policy;
▪ Discuss the concept of common security policy and group policy;
Security Policy

(Figure: an individual policy consists of a formal policy statement, the resources to protect, and implementation measures.)

Security policy is a definition of what it means to be secure for a system, organization or other entity.
Security Policy Components

Policy statement - Formal document outlining the ways in which an organization intends to conduct its affairs and act in specific circumstances.

Standards - a level of quality or attainment.

Guidelines - a general rule, principle, or piece of advice.

Procedures - an established or official way of doing something.

Security Policy Components

All security policies should include a well-defined security vision for the
organization.

Enforcement – This section should clearly identify how the policy will be
enforced and how security breaches and/or misconduct will be handled.

User Access to Computer Resources – This section should identify the roles and
responsibilities of users accessing resources on the organization’s network.
Security Policy Components

Security Profiles – This section should include information that identifies how security profiles will be applied uniformly across common devices.

Sensitive data – This section addresses any information that is protected against unwarranted disclosure.

Passwords – This section should state clearly the requirements imposed on users for passwords.
Security Policy Components

E-Mail – This section includes how to handle attachments, through filtering, personal use of the e-mail system, language restrictions, and archival requirements.

Internet – This section is about usage and what content filtering is in place.

Anti-Virus – This section identifies the frequency of updating the file definitions as well as how removable media, e-mail attachments and other files are scanned.

Back-up and Recovery – A comprehensive back-up and recovery plan is included here.
Security Policy Components

Intrusion Detection – This section discusses what, if any, Network Security Intrusion Detection or Prevention System is used and how it is implemented.

Remote Access – This section should identify all the ways that the system can be remotely accessed and what is in place to ensure that access is from only authorized individuals.

Information Security Auditing – How all the security programs are reviewed and how frequently.

Information Security Training – Training occurs in many different flavors. One of the types of training required in an organization is Awareness Training.
Common Security Policy Types

AUP – Acceptable Use Policy, or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service.

Privacy policy – a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data.

Audit policy – defines account limits for a set of users of one or more resources.
Common Security Policy Types

Extranet policy – this document describes the policy under which third-party organizations connect to your networks for the purpose of transacting business related to your company.

Password policy – a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
Common Security Policy Types

Wireless standards policy – provides guidelines regarding wireless access points and the management by ITS of 802.11X and related wireless standards access.

Social media policy – a living document that provides guidelines for your organization’s social media use.
Group Policy

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls
the working environment of user accounts and computer accounts.
Security Document Categories
System architecture – the conceptual model that defines the structure, behavior, and more views of a system.

Change documentation – should describe the requirements driving the change in sufficient detail to allow approvers and other officials to make an informed decision on the change request.

Log – an official record of events during the operation.

Inventories – a complete list of items such as property, goods in stock, or the contents of a building.
Change Management

A CHANGE MANAGEMENT system will record what changes are made.

Three Levels of Change Management
❑ Individual Change Management
❑ Organizational/Initiative Change Management
❑ Enterprise Change Management Capability

Documentation Handling Measures

(Figure: classification; retention and storage; disposal and destruction.)

Documentation Handling Measures

Classification

Classification is the action or process of classifying something according to shared qualities or characteristics.

Documentation Handling Measures

Retention and Storage

Documentation Handling Measures

Disposal and Destruction

Every paper or electronic record has a specific amount of time that it needs to be kept. This is called a retention period.
Once the retention period has ended, records are disposed of according to their value and content:

▪ Shred
▪ Recycle
▪ Delete
▪ Transfer
MODULE 2
IDENTIFYING SECURITY THREATS AND
VULNERABILITIES
SUBTOPIC 1
SOCIAL ENGINEERING
Upon completion of this module, the student would be able to:
▪ Define the social engineering and its goals;
▪ Demonstrate the abstract view of the social engineering;
▪ Enumerate the types of social engineering;
Social Engineering Attacks

(Figure: “This is the help desk. Please provide your user name and password so that we can update our records.”)

SOCIAL ENGINEERING is a method used to gain access to data, systems, or networks, primarily through misrepresentation.
Some techniques for avoiding social engineering attacks include the following:
❑Be suspicious
❑Verify identity
❑Be cautious
❑Don’t use email
Types of Social Engineering

❑Spoofing/Impersonation
❑Hoax
❑Phishing
❑Vishing
❑Whaling
❑URL hijacking/typo squatting
❑Spam and spim
❑Shoulder surfing
❑Dumpster diving
❑Tailgating
Spoofing - imitating (something) while exaggerating its characteristic features for comic effect.

Impersonation is an act of pretending to be another person for the purpose of entertainment or fraud.
Hoax is a humorous or malicious deception.
Phishing is the fraudulent practice of sending emails purporting to be from
reputable companies in order to induce individuals to reveal personal
information, such as passwords and credit card numbers.
Vishing is the fraudulent practice of making phone calls or leaving voice
messages purporting to be from reputable companies in order to induce
individuals to reveal personal information, such as bank details and credit card
numbers.
A whaling attack is a method used by cybercriminals to masquerade as a senior
player at an organization and directly target senior or other important
individuals at an organization, with the aim of stealing money or sensitive
information or gaining access to their computer systems for criminal purposes.
URL hijacking, also known as typo squatting, is the process by which a URL is wrongly removed from the search engine index and replaced by another URL.
Spam is unsolicited, usually commercial, messages sent to a large number of recipients or posted in a large number of places.
Spim is perpetuated by bots that harvest IM screen names off of the Internet and simulate a human user by sending spam to the screen names via an instant message.
Shoulder surfing is a form of credit-card fraud in which the perpetrator stands behind and looks over the shoulder of the victim as he or she withdraws money from an automated teller machine, memorizes the card details, and later steals the card.
Dumpster diving is a technique used to retrieve information that could be used
to carry out an attack on a computer network.
Tailgating - In these types of attacks, someone without the proper
authentication follows an authenticated employee into a restricted area.
Social Engineering Recommendations

Here are a few tips that organizations can incorporate into their security awareness training programs that will help users to avoid social engineering schemes:

• Do not open any emails from untrusted sources.
• Do not give offers from strangers the benefit of the doubt.
• Lock your laptop whenever you are away from your workstation.
• Purchase anti-virus software.

https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/
Hackers and Attackers

▪ Hacker was originally a neutral term.
▪ Attacker always refers to malicious hackers.
Categories of Attackers

❑Malicious insiders
❑Hacktivists
❑Data thefts
❑Script kiddies
❑Electronic vandals
❑Cyberterrorists
Malicious insiders
Hacktivists - a person who gains unauthorized access to computer files or
networks in order to further social or political ends.
Data theft is the act of stealing information stored on computers, servers, or other
devices from an unknowing victim with the intent to compromise privacy or obtain
confidential information.
Script kiddie, skiddie, or skid is an unskilled individual who uses scripts or
programs, such as a web shell, developed by others to attack computer
systems and networks and deface websites.
Electronic vandalism entails the determined and intentional malicious attempt to destroy or manipulate the electronic media and data through viruses, malevolent codes and other similar means.
Cyberterrorism is the use of the Internet to conduct violent acts that result
in, or threaten, loss of life or significant bodily harm, in order to achieve
political or ideological gains through threat or intimidation.
MODULE 2
IDENTIFYING SECURITY THREATS AND
VULNERABILITIES
SUBTOPIC 2
MALWARE AND SOFTWARE-BASED
THREATS
Upon completion of this module, the student would be able to:
▪ Explain the types of malware;
▪ Discuss the different types of malware;
▪ Give different malware attacks.
▪ Identify the different types of software-based threats;
▪ Define the different types of software-based threats;
▪ Discuss the types of application attacks
Software Attacks

(Figure: attacks on applications, operating systems, and protocols.)

Software attacks are attacks by viruses, worms, Trojan horses, etc.

Many users believe that malware, viruses, worms and bots are all the same thing.
TYPES OF MALWARE

Since it is now common for a computer to be connected to the internet, there are more opportunities than ever for a computer to be infected by malware.
Malware can be identified as one or more of the following:
❑Virus
❑Worm
❑Adware
❑Spyware and dishonest adware
❑Trojan horse
❑Rootkit
❑Backdoor
❑Polymorphic virus
❑Logic Bomb
❑Botnets
❑Zero-day attack
❑Ransomware
❑Armored Virus
Viruses

A computer virus is a malicious software program loaded onto a user’s computer without the user’s knowledge that performs malicious actions.
Worms

A computer worm is a malicious, self-replicating software program which affects the functions of software and hardware programs.
Adware

Adware is software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Spyware

Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information.
Spyware (Example)

A keylogger is a program that records the keystrokes on a computer. It does this by monitoring a user's input and keeping a log of all keys that are pressed.
Trojan Horses

A Trojan horse is an executable program that appears as a desirable or useful program.
Rootkits

(Figure: administrative access granted.)

A rootkit is a software program designed to provide a user with administrator access to a computer without being detected.
Backdoor Attacks

A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application.
Polymorphic Malware

Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection.
Logic Bombs

A logic bomb is commonly defined as an attribute or a portion of code running within a program that remains inactive until a specific event or time occurs.
Botnets

A botnet is a distributed network of computers that have been compromised by malicious software and are under the control of an attacker.
Ransomware

Ransomware is a type of malware from cryptology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.
Armored Viruses

An armored virus is a computer virus that contains a variety of mechanisms specifically coded to make its detection and decryption very difficult.
Password Attacks

(Figure: a password recovered character by character: xxxxxxxxx → xPxxxxxxx → xPassxxxx → xPass1234 → !Pass1234.)

Password attacks are a critical segment of a pentest in which preparation can make a major impact on the success (or failure) of a pentest.
Types of Password Attacks

✓ Dictionary attack
✓ Brute force attack
✓ Man In the Middle
✓ Birthday attack
✓ Rainbow Table Attack
Types of Password Attacks

Dictionary attack - An attack that takes advantage of the fact that people tend to use common words and short passwords.
Types of Password Attacks

Brute force - Using a program to generate likely passwords or even random character sets.
Types of Password Attacks

Man In the Middle - the hacker’s program doesn’t just monitor information being passed but actively inserts itself in the middle of the interaction, usually by impersonating a website or app.
Types of Password Attacks

Rainbow Table Attack - a rainbow table compiles a list of pre-computed hashes.
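Why the rainbow table attack above works against plain hashes and why the hashing and key stretching material from Module 1 Subtopic 2 defeats it: an unsalted fast digest is identical for every account sharing a password, so one precomputed table covers them all, while a salted, stretched PBKDF2 record is unique per account and slow to recompute. This is an added example, not from the slides; the iteration count, record format, and sample passwords are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed work factor; raise it as hardware gets faster
KEY_LENGTH = 32        # bytes of stretched key
ALGORITHM = "pbkdf2_sha256"


def unsalted_md5(password: str) -> str:
    """Fast, unsalted, one-way digest. Identical passwords always give the same
    digest, so a single precomputed table covers every account using them."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key stretching: derive a longer, more random key from a short password,
    at a cost of `iterations` HMAC computations per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_LENGTH)


def make_record(password: str) -> str:
    """Stored form: algorithm$iterations$salt$key. A fresh random salt per
    account means equal passwords produce unequal records."""
    salt = os.urandom(16)
    key = stretch(password, salt)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the stretched key from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, key_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def records_match_for_same_password(password: str) -> tuple[bool, bool]:
    """(unsalted digests equal, salted records equal) for two accounts sharing a password."""
    unsalted_equal = unsalted_md5(password) == unsalted_md5(password)
    salted_equal = make_record(password) == make_record(password)
    return unsalted_equal, salted_equal
```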


Application Attacks

(Figure: a known flaw in an application.)
Types of Application Attacks

Cross-site scripting (XSS) - An attack that injects malicious scripts into trusted websites to be run when a user visits the site.

Command injection attacks - Include several types:
• SQL injection
• LDAP injection
• XML injection
• Directory traversal

Zero day exploit - An attack that occurs when the security level of a system is at its lowest, immediately after the discovery of a vulnerability.

Cookies manipulation - An attack where an attacker injects a meta tag in an HTTP header, making it possible to modify a cookie stored in a browser.

LSO attack - An attack where a website running Flash stores data objects (Flash cookies) on a user’s computer that are difficult to detect and remove, and may threaten the user’s privacy.

Attachment attack - An attack where the attacker can merge malicious software or code into a downloadable file or attachment on a web server so that users download and execute it on client systems.
Types of Application Attacks (Cont.)

Malicious add-ons - An add-on that is meant to look like a normal add-on, except that when a user installs it, malicious content will be injected to target the security loopholes that are present in a web browser.

Header manipulation - An attack where the attacker manipulates the header information passed between the web servers and clients in HTTP requests.

Buffer overflow - An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory, which may cause an app to crash or rogue code to execute on a system.

Integer overflow - An attack in which a computed result is too large to fit in its assigned storage space, which may lead to crashing or data corruption, and may trigger a buffer overflow.

Arbitrary code execution - An attack that exploits application vulnerabilities by allowing an attacker to execute any command on a victim's machine, potentially taking complete control over a system.
Types of Application Attacks

Cross-site scripting - This attack is a type of injection in which malicious scripts are inserted into websites that are trusted by their users.
Types of Application Attacks

SQL injection - This attack is a technique in which a code injection method is used.
Types of Application Attacks

LDAP injection - This attack also falls into the category of application attacks, since it too is associated with applications.
Types of Application Attacks

XML injection - When this attack takes place, the attacker aims to inject XML tags into the SOAP message and thereby modify the XML source.
Types of Application Attacks

Buffer overflow - This term is used very commonly and widely in computer programming and security.
Types of Application Attacks

Integer overflow - An integer overflow condition arises when an integer that is used in determining a memory allocation, concatenation, or similar operation overflows.
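How the integer overflow described above turns into a buffer overflow when the integer sizes a memory allocation, simulated with 32-bit wrap-around arithmetic. This is an added example, not from the slides; the allocation limit and element counts are constructed, and the "buffer" is a Python bytearray standing in for a C allocation.

```python
MASK32 = 0xFFFFFFFF           # 32-bit unsigned arithmetic wraps modulo 2**32
MAX_ALLOC = 1 << 20           # constructed upper bound on buffer size the program accepts


def wrapped_product(count: int, elem_size: int) -> int:
    """The value a 32-bit unsigned multiplication actually produces."""
    return (count * elem_size) & MASK32


def allocate_unchecked(count: int, elem_size: int) -> tuple[int, int, bool]:
    """Vulnerable: the size check runs on the wrapped product, but the copy
    that follows uses the real element count. Returns
    (buffer length, bytes the copy would write, overflow?)."""
    size = wrapped_product(count, elem_size)
    if size > MAX_ALLOC:
        raise ValueError("request too large")
    buffer = bytearray(size)                    # tiny buffer after wrap-around
    bytes_to_copy = count * elem_size           # true amount the copy loop writes
    return len(buffer), bytes_to_copy, bytes_to_copy > len(buffer)


def allocate_checked(count: int, elem_size: int) -> bytearray:
    """Hardened: prove the product fits before multiplying, then apply the limit."""
    if elem_size == 0 or count > MASK32 // elem_size:
        raise OverflowError("count * elem_size does not fit in 32 bits")
    size = count * elem_size
    if size > MAX_ALLOC:
        raise ValueError("request too large")
    return bytearray(size)


def checked_rejects(count: int, elem_size: int) -> bool:
    """True when the hardened path refuses the request as an overflow."""
    try:
        allocate_checked(count, elem_size)
    except OverflowError:
        return True
    return False
```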
Types of Application Attacks

Zero-day - It is also known as the zero hour or day zero attack.
Types of Application Attacks

Cookies and attachments - There is a possibility that downloaded cookies are infected, and that downloaded attachments are likewise victims of infection.
Types of Application Attacks

LSO (Locally Shared Objects) - Local shared objects are pieces of data that belong to a website and are created when Adobe Flash content is stored on the user's computer.
Types of Application Attacks

Malicious add-ons - Sometimes the add-ons that are available to download can get injected and can turn computers into botnets; this happened once in the past when Firefox had an add-on that created this problem.
Types of Application Attacks

Session hijacking - This is also known as cookie hijacking. In this case, the computer session or the session key is exploited, and hence access to an unauthorized area is gained to obtain information or a service on a computer.
MODULE 2
IDENTIFYING SECURITY THREATS AND
VULNERABILITIES
SUBTOPIC 3
NETWORK-BASED THREATS, WIRELESS
THREATS, PHYSICAL THREATS AND
VULNERABILITIES
Upon completion of this module, the student would be able to:
▪ Define TCP/IP;
▪ Discuss the concept of network-based attacks;
▪ Differentiate the types of network-based attacks;
▪ Define wireless threats and vulnerability;
▪ Discuss the concept of wireless security;
▪ Differentiate the types of wireless attacks;
TCP/IP Basics
❑ Standard network protocol used today.
❑ A layered suite of many protocols.
❑ The logical endpoints of a connection between hosts are called ports.
❑ Ports can be open to allow communication or closed to prevent it.
❑ Layers:
▪ Network interface/data link
▪ Internet
▪ Transport
▪ Application
Port Scanning Attacks

Port   Protocol   State
21     FTP        Open
53     DNS        Closed
80     HTTP       Open
110    POP3       Closed
119    NNTP       Closed
443    HTTPS      Open

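A defender's use of the table above is to compare what a scan shows against what the host is approved to expose. The following Python is an added example (not from the course slides or the cited books); the scan text mirrors the table, and the approved-port baseline is a constructed assumption.

```python
# Added example (not from the course slides): compare a port-scan result
# against an approved-services baseline and report unexpected open ports.


def port_block(port):
    """Classify a port into the IANA blocks the course names later:
    well-known (0-1023), registered (1024-49151), dynamic (49152-65535)."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


# Constructed scan output in "port protocol state" form, mirroring the table above.
SCAN_OUTPUT = """\
21 FTP Open
53 DNS Closed
80 HTTP Open
110 POP3 Closed
119 NNTP Closed
443 HTTPS Open
"""

# Hypothetical baseline: the only services this host is approved to expose.
APPROVED_PORTS = {80, 443}


def parse_scan(text):
    """Return {port: (protocol, state)} from the scan text."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        port, proto, state = line.split()
        result[int(port)] = (proto, state.lower())
    return result


def unexpected_open_ports(scan, approved):
    """Open ports missing from the baseline, each tagged with its port block."""
    return sorted(
        (port, proto, port_block(port))
        for port, (proto, state) in scan.items()
        if state == "open" and port not in approved
    )


if __name__ == "__main__":
    findings = unexpected_open_ports(parse_scan(SCAN_OUTPUT), APPROVED_PORTS)
    for port, proto, block in findings:
        print("ALERT: %s on %s port %d is open but not approved" % (proto, block, port))
```

Run against the constructed scan, FTP on port 21 is the only open service outside the baseline; the same comparison applied to a real scanner's output is how a port-scan result turns into an actionable finding rather than a list of numbers.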

Eavesdropping Attacks

An eavesdropping attack can be difficult to detect because the network transmissions will appear to be operating normally.
Man-in-the-Middle Attacks

[Figure: the original transmission between two users is secretly relayed through a man in the middle]

A man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Replay Attacks

[Figure: a transmission captured at 10:00 A.M. is replayed at 1:00 P.M.]

It is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
Social Network Attacks
▪ Evil twin attack - a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications.
▪ Account phishing - the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
▪ Drive-by download - refers to potentially harmful software code that is installed on a person's computer without the user needing to first accept or even be made aware of the software installation.
▪ Clickjacking - a malicious technique of tricking a user into clicking on something different from what the user perceives.
▪ Password stealer - a Trojan that is designed to gather information from a system.
▪ Spamming - the activity of sending advertisements by email to people who do not want to receive them.
DoS Attacks

A denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
DDoS Attacks

[Figure: many compromised hosts (drones) flooding one target]

Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks.
Types of DoS Attacks

❑ ICMP flood - also known as a Ping flood attack, is a common Denial-of-Service (DoS) attack in which an attacker attempts to overwhelm a targeted device with ICMP echo-requests (pings).
❑ UDP flood - attack in which the attacker overwhelms random ports on the targeted host with IP packets containing UDP datagrams.
❑ SYN flood - an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
❑ Buffer overflow - is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
❑ Reflected DoS attack - makes use of a potentially legitimate third party component to send the attack traffic to a victim, ultimately hiding the attackers' own identity.
❑ Permanent DoS attack - is denial of service via hardware sabotage. During such an attack, an attacker bricks a device or destroys firmware, rendering the device or an entire system useless.
Session Hijacking

[Figure: an attacker steals an active session cookie and takes over a legitimate computer session]

Session hijacking is an attack where a user session is taken over by an attacker.
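What a server can do about session hijacking (and the infected-cookie problem noted under application attacks) is to make the session identifier unguessable, unreadable from scripts, unsendable over plain HTTP, and short-lived: a new id after login and server-side revocation at logout. The following Python is an added example, not code from the course or the cited books; the `SessionStore` class and `login` helper are hypothetical names.

```python
# Added example (not from the course slides): hardening a web session against
# hijacking. SessionStore and login are hypothetical helpers written for this page.
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side session table: session id -> user name."""

    def __init__(self):
        self._sessions = {}

    def create(self, username):
        sid = secrets.token_urlsafe(32)  # 256 random bits: cannot be guessed or predicted
        self._sessions[sid] = username
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)

    def revoke(self, sid):
        """Logout invalidates the id on the server, not just the browser cookie."""
        self._sessions.pop(sid, None)


def login(store, old_sid, username):
    """After successful authentication, drop the pre-login id and issue a new one,
    so an id captured before login cannot ride the authenticated session."""
    store.revoke(old_sid)
    return store.create(username)


def session_cookie_header(sid):
    """Set-Cookie value carrying the flags that limit cookie theft."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["secure"] = True        # HTTPS only: defeats plain-text sniffing
    cookie["session"]["httponly"] = True      # unreadable from page scripts (XSS)
    cookie["session"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


def has_hardening_flags(header):
    """Check that a Set-Cookie line carries Secure, HttpOnly and SameSite=Strict."""
    low = header.lower()
    return all(flag in low for flag in ("secure", "httponly", "samesite=strict"))


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create("anonymous")
    sid = login(store, anonymous, "alice")
    print(session_cookie_header(sid))
    print("old id still valid?", store.lookup(anonymous) is not None)
```

The flags do not stop every hijack (a compromised client still leaks its cookie), but they remove the two cheapest routes, sniffing and script access, and the id rotation limits what a stolen pre-login id is worth.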


ARP Poisoning

[Figure: the attacker answers for the DHCP server's IP address and redirects that IP address to itself]

ARP poisoning is an attack on the protocol used to determine a device's hardware address (MAC address) on the network when the IP address is known.
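On the wire, ARP poisoning shows up as an IP address that suddenly maps to a different MAC address, or one MAC answering for several IPs. The following Python is an added example (not from the course or its sources) of a monitor that watches ARP replies for both signs; the reply records and the pinned gateway entry are constructed.

```python
# Added example (not from the course slides): detecting ARP poisoning from a
# stream of observed ARP replies. All data below is constructed.

# Constructed ARP replies as (sender IP, sender MAC, timestamp in seconds).
ARP_REPLIES = [
    ("192.168.1.1",  "aa:bb:cc:00:00:01", 1),  # gateway announces its real MAC
    ("192.168.1.50", "aa:bb:cc:00:00:50", 2),
    ("192.168.1.1",  "de:ad:be:ef:00:99", 3),  # gateway IP now claimed by another MAC
    ("192.168.1.1",  "de:ad:be:ef:00:99", 4),
    ("192.168.1.50", "de:ad:be:ef:00:99", 5),  # the same MAC also claims a second IP
]

# Hypothetical static entries an administrator pinned for critical hosts.
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_conflicts(replies, trusted=None):
    """Return alerts as (timestamp, ip, expected_mac, observed_mac, kind).

    With a static entry the expected MAC is the pinned one; otherwise the first
    mapping seen is taken as the reference and later changes are flagged."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    first_seen = {}
    alerts = []
    for ip, mac, ts in replies:
        mac = mac.lower()
        if ip in trusted:
            if mac != trusted[ip]:
                alerts.append((ts, ip, trusted[ip], mac, "static-entry-violation"))
        elif ip in first_seen and first_seen[ip] != mac:
            alerts.append((ts, ip, first_seen[ip], mac, "mapping-changed"))
        first_seen.setdefault(ip, mac)
    return alerts


def macs_claiming_many_ips(replies, limit=1):
    """A single MAC answering for more than `limit` IPs is another poisoning tell."""
    claimed = {}
    for ip, mac, _ in replies:
        claimed.setdefault(mac.lower(), set()).add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > limit}


if __name__ == "__main__":
    for alert in detect_arp_conflicts(ARP_REPLIES, TRUSTED):
        print("t=%d %s: expected %s, saw %s (%s)" % alert)
    print(macs_claiming_many_ips(ARP_REPLIES))
```

Static ARP entries for gateways and servers, Dynamic ARP Inspection on managed switches, and a monitor like this one are the usual layered answer; the monitor alone only tells you after the fact.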
Transitive Access Attacks

[Figure: a host file that grants access to John, Jane, Alice and Frank, and a separate host, Bob]

Transitive access is a misuse of trust that causes issues with securing information or control.
DNS Vulnerabilities

Vulnerability    Description
DNS poisoning    An attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker's choosing.
DNS hijacking    An attacker sets up a rogue DNS server. This rogue DNS server responds to legitimate requests with IP addresses for malicious or non-existent websites.
Wireless Security

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks.
Rogue Access Points

Rogue access points often do not conform to wireless LAN (WLAN) security policies, and additionally can allow anyone with a Wi-Fi device to connect to your network.

[Figure: a rogue access point attached to the network]
Evil Twins

[Figure: legitimate access point "dtech" beside an evil twin "devtech"]

An evil twin is a rogue wireless access point installed near a legitimate one for purposes of eavesdropping or phishing.
Jamming

Jamming is a simple, yet highly effective method of causing a DoS on a wireless LAN.
Bluejacking

Bluejacking is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius.
Bluesnarfing

Bluesnarfing is a device hack performed when a wireless, Bluetooth-enabled device is in discoverable mode.
War Driving and War Chalking

War driving is also called access point mapping.

Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network.
Wireless Replay Attacks

[Figure: a transmission captured at 10:00 A.M. is retransmitted at 1:00 P.M.]

The delay or repeat of the data transmission is carried out by the sender or by the malicious entity, who intercepts the data and retransmits it.
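Both replay slides (the network one earlier and the wireless one here) describe the same failure: the receiver has no way to tell a fresh message from a captured copy. The standard fix is to bind every message to a timestamp and a one-time nonce under a message authentication code, and to keep a short memory of accepted nonces. The following Python is an added example, not from the course or the cited books; the shared key is constructed and `ReplayGuard` is a hypothetical name.

```python
# Added example (not from the course slides): rejecting replayed, delayed and
# tampered messages with an HMAC over (timestamp, nonce, payload).
import hashlib
import hmac
import secrets
import time

# Constructed shared secret (in practice provisioned out of band).
SHARED_KEY = b"constructed-shared-secret-for-demo"


def sign_message(key, payload, nonce=None, timestamp=None):
    """Wrap payload with a timestamp, a one-time nonce and an HMAC over all three."""
    nonce = nonce or secrets.token_hex(8)
    timestamp = int(time.time()) if timestamp is None else int(timestamp)
    body = "%d|%s|%s" % (timestamp, nonce, payload)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "|" + tag


class ReplayGuard:
    """Receiver state: each nonce is accepted once, and only inside a time window."""

    def __init__(self, key, window_seconds=300):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp it carried

    def accept(self, message, now=None):
        """Return (True, payload) or (False, reason)."""
        now = int(time.time()) if now is None else int(now)
        try:
            ts, nonce, rest = message.split("|", 2)
            payload, tag = rest.rsplit("|", 1)
        except ValueError:
            return False, "malformed"
        body = "%s|%s|%s" % (ts, nonce, payload)
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad-signature"  # tampered with, or forged
        if abs(now - int(ts)) > self.window:
            return False, "stale"          # delayed beyond the freshness window
        if nonce in self.seen:
            return False, "replay"         # exact repeat of an accepted message
        # forget nonces that could no longer pass the freshness check anyway
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        self.seen[nonce] = int(ts)
        return True, payload


if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    msg = sign_message(SHARED_KEY, "unlock door 7")
    print(guard.accept(msg))   # first delivery: accepted
    print(guard.accept(msg))   # same bytes again: rejected as a replay
```

The window bounds how long the nonce cache must be kept; clocks on both sides need to agree to within that window, which is why a few minutes is the usual compromise.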
Sinkhole Attacks

Sinkhole attacks are carried out by either hacking a node in the network or introducing a fabricated node in the network.
WEP and WPA Attacks

[Figure: WEP with initialization vector CF461E and the password "password"; WPA passphrase "passw0rd" recovered from a list of guesses such as "password", "p4ssword", "passw0rd"]

Wired Equivalent Privacy (WEP) is used in home / personal as well as enterprise environments to protect the connection between a wireless device and a Wi-Fi network with a secret key.
A Wi-Fi Protected Access (WPA) cracking attack captures traffic and then performs an offline brute force attack to discover the encryption key.
WPS Attacks

[Figure: WPS PIN 40182917, split as 4018 291 7, where the last digit is a checksum]

10,000 possibilities for the first four digits and 1,000 possibilities for the next three digits: 11,000 possibilities, not 100,000,000.

The WPS attack is relatively straightforward using an open source tool called Reaver.
Physical Security

❑ The implementation and practice of various control mechanisms that are intended to restrict physical access to facilities.

❑ Assuring the reliability of certain critical infrastructure elements such as electrical power, data networks, and fire suppression systems.
Physical Security, Threats and Vulnerabilities

• Physical security
• Physical threat
• Physical Vulnerability

❑ Internal
❑ External
❑ Natural
❑ Man-made
Environmental Threats and Vulnerabilities

❑ Fire
❑ Hurricanes and tornadoes
❑ Flood
❑ Extreme temperature
❑ Extreme humidity
INFORMATION ASSURANCE & SECURITY 1
MODULE 3
MANAGING DATA, APPLICATION,
AND HOST SECURITY
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Explain application security;
▪ Explain patch management;
▪ Give different application security methods;
▪ Define data security and its goals;
▪ Demonstrate layered security;
▪ Enumerate the types of data states;
▪ Define and manage device and host security;
▪ Discuss the concept of operating system security;
▪ Differentiate the virtualization security techniques;
▪ Explain the process of mobile device types;
▪ Describe different mobile device vulnerabilities;
▪ Discuss mobile application security controls.
MANAGE DATA AND
APPLICATION SECURITY
What Is Application Security?
Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps.

❑ Proper development, deployment, and maintenance of applications.
❑ Protects applications from threats and vulnerabilities.

Patch Management
A solid patch management practice is the best defense against this type of attack, especially if coupled with a vulnerability management program.

[Figure: patch management cycle: evaluate, test on a non-production system, implement]
Application Security Methods
❑Configuration
❑Application hardening
❑Patch management
Input Validation

[Figure: expected format mm/dd/yyyy. Delivered "01/01/2014" matches the format: data valid, proceed. Delivered "01/01/2014:DELETE table 'Users'" carries malicious code: data invalid, rejected]

Input validation, also known as data validation, is the proper testing of any input supplied by a user or application.
Input Validation Vulnerabilities
❑ Any type of software.
❑ Websites and applications are popular targets.
❑ Requires careful coding to avoid.
Client-Side and Server-Side Validation

❑ Client-side validation:
✓ Input validation and error recovery at the browser
✓ JavaScript, AJAX, VBScript, and HTML 5 attributes

❑ Server-side validation:
✓ Input validation and error recovery at the server
✓ Perl, PHP, ASP, and other scripting languages

❑ For enhanced user experience, use client-side validation.
❑ For enhanced security, use server-side validation.
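The date field from the input-validation figure, validated the way the server side should do it: an allow-list of the exact shape (not a block-list of bad characters), followed by a calendar check, with the detailed reason kept on the server. This Python is an added example, not code from the course or the cited books; `validate_date` and `handle_form` are hypothetical names and the sample inputs are constructed.

```python
# Added example (not from the course slides): server-side allow-list validation
# of a mm/dd/yyyy field. Functions and sample inputs are constructed for this page.
import re
from datetime import datetime

# Allow-list: exactly two digits, slash, two digits, slash, four digits. Nothing else.
DATE_RE = re.compile(r"^(0[1-9]|1[0-2])/(0[1-9]|[12][0-9]|3[01])/(\d{4})$")


def validate_date(value):
    """Return (ok, detail); detail is the accepted value or the failure reason."""
    if not isinstance(value, str):
        return False, "not a string"
    if len(value) != 10:
        return False, "wrong length"   # "01/01/2014:DELETE ..." fails here already
    if not DATE_RE.match(value):
        return False, "does not match mm/dd/yyyy"
    try:
        datetime.strptime(value, "%m/%d/%Y")   # rejects 02/30/2014 and similar
    except ValueError:
        return False, "not a real calendar date"
    return True, value


def handle_form(form):
    """What the server does with the submitted field: proceed only on valid data.
    The precise rejection reason is for the server log, not the client."""
    ok, detail = validate_date(form.get("date"))
    if ok:
        return "proceed", detail
    return "rejected", "invalid date"


# Constructed inputs mirroring the figure, plus edge cases client-side checks often miss.
SAMPLES = [
    "01/01/2014",
    "01/01/2014:DELETE table 'Users'",
    "02/30/2014",
    "1/1/2014",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", validate_date(sample))
```

Client-side JavaScript can run the same regular expression for a friendlier form, but because the browser is under the user's control only the server-side copy counts as a security control.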
Error and Exception Handling

[Figure: an attacker submits a valid user name with an incorrect password and receives the message "Incorrect password"]
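The figure shows why error messages are a security matter: "Incorrect password" confirms the user name exists. The following Python is an added example (not from the course or the cited books) of a login routine that returns one generic message for every failure, keeps the detailed reason in a server-side log, and spends the same time on unknown users so the delay does not leak what the message no longer does. The user record and the `login` helper are constructed for this page.

```python
# Added example (not from the course slides): failure handling that does not tell
# an attacker which half of the credential was wrong. Data is constructed.
import hashlib
import hmac
import os

GENERIC_FAILURE = "Invalid user name or password."   # same text for every failure
ITERATIONS = 100_000


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256; returns (salt, derived key)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user database with a single account.
USERS = {"alice": hash_password("correct horse battery staple")}
# A dummy record hashed for unknown users so their requests take the same time.
_DUMMY_SALT, _DUMMY_HASH = hash_password("placeholder")


def login(username, password, server_log):
    """Return (success, message_for_client); the detailed reason goes to server_log."""
    record = USERS.get(username)
    salt, stored = record if record else (_DUMMY_SALT, _DUMMY_HASH)
    _, candidate = hash_password(password, salt)
    matched = hmac.compare_digest(candidate, stored)   # constant-time comparison
    if record and matched:
        return True, "Welcome, %s." % username
    reason = "unknown user" if record is None else "bad password"
    server_log.append("auth failure user=%r reason=%s" % (username, reason))
    return False, GENERIC_FAILURE


if __name__ == "__main__":
    log = []
    print(login("alice", "wrong", log))
    print(login("mallory", "wrong", log))
    print(log)
```

The same principle applies to stack traces and database errors: the client gets a generic message and a reference id, the operator gets the detail from the log.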
XSS - Cross-site scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. The two forms shown are the XSS stored attack and the XSS reflected attack.

Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Reflected cross-site scripting arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.
XSRF - Cross-Site Request Forgery

[Figure: trust is established between the user's browser and a site; the attacker exploits that trust]

Cross-site request forgery, abbreviated as CSRF (sometimes pronounced "sea-surf") or XSRF, is also known as a one-click attack or session riding.
Cross-Site Attack Prevention Methods

❑ Restrict HTML formatting in form fields.
❑ Use input validation.
❑ Restrict cookie information.
❑ Encrypt data communications.
❑ Advise on the Remember Me options.
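The trust CSRF exploits is the browser's habit of attaching the session cookie to any request for the site, wherever the request came from. The standard counter is a secret the forged page cannot know: a token tied to the session and embedded in the site's own forms, checked on every state-changing request. The following Python is an added example, not from the course or the cited books; the `/transfer` handler, the form and the session ids are constructed.

```python
# Added example (not from the course slides): synchronizer-token CSRF protection.
# The handler, form and session ids are constructed for this page.
import hashlib
import hmac
import secrets

# Per-deployment secret; generated at import time for the example.
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token(session_id):
    """Token the server embeds in its own forms. Derived from the session, so a page
    on another origin (which cannot read this site's forms) cannot produce it."""
    return hmac.new(SERVER_SECRET, b"csrf:" + session_id.encode(), hashlib.sha256).hexdigest()


def render_transfer_form(session_id):
    """The legitimate page: a hidden field carries the token."""
    return ('<form method="POST" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="amount"><button>Send</button></form>' % csrf_token(session_id))


def handle_transfer(request, session_id):
    """request is {"method": ..., "form": {...}}. session_id comes from the cookie the
    browser attached automatically, which a forged request carries just the same."""
    if request["method"] != "POST":
        return 405, "state-changing action requires POST"
    token = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    return 200, "transferred %s" % request["form"]["amount"]


if __name__ == "__main__":
    sid = "session-of-alice"
    forged = {"method": "POST", "form": {"amount": "5000"}}   # no token available to the attacker
    print(handle_transfer(forged, sid))
    genuine = {"method": "POST", "form": {"csrf_token": csrf_token(sid), "amount": "50"}}
    print(handle_transfer(genuine, sid))
```

The `SameSite` cookie attribute shown in the session example above this module is a complementary control: it stops the browser attaching the cookie in the first place, while the token covers browsers and flows where that attribute does not apply.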
Fuzzing

[Figure: random data is sent to the program; weaknesses are found and tracked]

Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks.
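A minimal mutation fuzzer makes the figure concrete: take a valid input, randomly edit it, feed it to the code under test, and record every input that makes the code crash. The following Python is an added example, not from the course or the cited books; the toy `key=value` parser, its repaired twin and the fuzzer are all constructed for this page.

```python
# Added example (not from the course slides): a tiny mutation fuzzer finding a
# crash in a toy parser, and confirming the repaired parser survives the same run.
import random

ALPHABET = "abc=;01 \n"   # characters the mutator draws from


def parse_kv(text):
    """Toy parser under test: 'key=value;key2=value2'. Contains a bug fuzzing finds."""
    result = {}
    for item in text.split(";"):
        if not item:
            continue
        key, value = item.split("=")        # ValueError unless exactly one '='
        result[key] = int(value) if value.isdigit() else value
    return result


def parse_kv_fixed(text):
    """Repaired version: malformed items are skipped instead of crashing the caller."""
    result = {}
    for item in text.split(";"):
        key, sep, value = item.partition("=")
        if not sep or not key:
            continue
        result[key] = int(value) if value.isdigit() else value
    return result


def mutate(seed, rng):
    """Apply one to three random edits (insert/delete/replace/duplicate) to a seed."""
    s = list(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("insert", "delete", "replace", "duplicate"))
        if op == "insert" or not s:
            s.insert(rng.randint(0, len(s)), rng.choice(ALPHABET))
        elif op == "delete":
            del s[rng.randrange(len(s))]
        elif op == "replace":
            s[rng.randrange(len(s))] = rng.choice(ALPHABET)
        else:
            i = rng.randrange(len(s))
            s[i:i] = s[i:i + rng.randint(1, 4)]
    return "".join(s)


def fuzz(target, seeds, iterations=2000, rng_seed=1):
    """Feed mutated inputs to target; keep the first input for each exception type.
    A fixed rng_seed makes the run reproducible, which matters when triaging."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(seeds), rng)
        try:
            target(data)
        except Exception as exc:              # any uncaught exception is a finding
            crashes.setdefault(type(exc).__name__, data)
    return crashes


if __name__ == "__main__":
    print("buggy parser:", fuzz(parse_kv, ["a=1;b=two"]))
    print("fixed parser:", fuzz(parse_kv_fixed, ["a=1;b=two"]))
```

Real fuzzers add coverage feedback, so inputs that reach new code are kept as new seeds; the structure of the loop, mutate, run, record, is the same.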
Web Browser Security
❑ Pop-up blocker
❑ Parental controls
❑ Automated updating
❑ Encryption
❑ Proxy support
❑ Web content
❑ Advanced security

✓ Pop-up blocker - is software that prevents pop-up windows from appearing on a website.
✓ Parental controls - give guardians the ability to set parameters for what can show up on a browser.
✓ Automated updating
✓ Encryption - is a process through which some or all of the Internet activity initiated from a Web browser is natively encrypted.
✓ Proxy server - is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.
✓ Web content - is the textual, visual, or aural content that is encountered as part of the user experience on websites.
Guidelines for Establishing Web Browser Security
❑Disable auto-complete and password saving.
❑Harden the host machine.
❑Install the latest software.
❑Configure security settings.
❑Disable scripting.
❑Install anti-malware software.
Layered Security

Defense in depth is a concept in which multiple layers of security are used to defend assets.

Site security deals with securing the physical premises.
Defense in Depth

This multi-layered approach to physical security is known as defense-in-depth or a layered security approach.
What Is Data Security?
Data Security is a process of protecting files, databases, and accounts on a network.

❑ Security controls and measures implemented to secure an organization's data.
❑ Protect data storage systems and devices that access them.
❑ Incorporated into security policies.

Data Security Vulnerabilities

❑ Increased cloud computing
❑ Lack of restricted access to data systems
❑ Lack of user awareness
Data Storage Methods

Data storage is a general term for archiving data in electromagnetic or other forms for use by a computer or device.

❑ DAS - Direct-Attached Storage
❑ NAS - Network-Attached Storage
❑ SAN - Storage Area Network
❑ Cloud

Direct-attached storage (DAS) is computer storage that is connected to one computer and not accessible to other computers.

Network-attached storage (NAS) is usually attached to your computer through an Ethernet port via a router or a network switch, and allows multiple computers to connect to your NAS device at the same time.

A storage area network (SAN), or storage network, is a computer network which provides access to consolidated, block-level data storage.

Cloud storage is a model of computer data storage in which the digital data is stored in logical pools.
Hardware-Based Encryption Devices

❑ Enforces encryption, decryption, and access control using an HSM.
❑ Denies execution of external programs.

❑ Benefits:
✓ Prevents unauthenticated storage mapping.
✓ Prevents copying data without the assigned HSM.
✓ Self-governed; not affected by malicious code or other OS issues.
✓ Proves that all computers are encrypted and that data is secure.
Types of Hardware-Based Encryption Devices

❑ TPM - Trusted Platform Module
❑ HSM - Hardware security module
❑ USB - Universal Serial Bus

A TPM (Trusted Platform Module) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disabled in the BIOS.

A Hardware Security Module (HSM) is a crypto processor that can be used to enhance security. It provides a fast solution for large asymmetric encryption calculations and is much faster than software-based cryptographic solutions.
Data States

❑Data at rest
❑Data in transit
❑Data in use
Permissions and Access Control Lists

❑ Permissions:
✓ Who can read or change data in a file or folder.
✓ Implemented at individual file and folder level.

❑ ACLs:
✓ Who can access files and folders.
✓ Implemented as MAC address filters on wireless routers and wireless APs.
MANAGE DEVICE , MANAGE
MOBILE SECURITY
AND HOST SECURITY
Guidelines for Managing Application Security
❑Consider implementing a combination of client-side validation and
server-side validation.
❑Implement error and exception handling for applications developed in-
house.
❑Establish security configuration baselines.
❑Harden applications, especially web browsers.
❑Implement patch management for applications.
❑Implement input validation.
❑Protect against XSS and XSRF attacks.
❑Protect databases and associated applications.
Hardening

Hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas.
Operating System Security

❑ Unique vulnerabilities for:
✓ Different operating systems
✓ Different vendors
✓ Client and server systems

❑ Vendors try to correct; attackers try to exploit.
❑ Security professionals must stay current.
Operating System Security Settings

❑ Manage services
❑ Configure firewall
❑ Configure Internet security
❑ Manage automatic updates
❑ Enable auditing and logging
TCB - Trusted Computing Base

[Figure: the layers of the trusted computing base: trusted OS, firmware, hardware]

A trusted computing base (TCB) refers to all of a computer system's hardware, firmware and software components that combine to provide the system with a secure environment.
Security Baselines

[Figure: the current configuration is compared against the baseline]

A "Security Baseline" defines a set of basic security objectives which must be met by any given service or system.
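The "Compare" step of the figure is mechanical once the baseline is written down as required settings: export the current configuration, parse it, and list every setting that is missing or differs. The following Python is an added example, not from the course or the cited books; the baseline keys and the exported configuration are constructed, not the settings of any real product.

```python
# Added example (not from the course slides): comparing a host's exported
# configuration against a security baseline. Keys and values are constructed.

# Constructed baseline: setting -> required value.
BASELINE = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.enabled": "yes",
    "auditd.enabled": "yes",
    "telnet.enabled": "no",
}

# Constructed "current configuration" export from one host, key = value per line.
OBSERVED_EXPORT = """\
# exported by a hypothetical configuration agent
ssh.PermitRootLogin = yes
ssh.PasswordAuthentication = no
firewall.enabled = yes
telnet.enabled = no
"""


def parse_export(text):
    """Parse 'key = value' lines; '#' starts a comment; values are case-folded."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().lower()
    return settings


def compare_to_baseline(baseline, observed):
    """Deviations as (key, expected, actual); actual is None when the setting is absent.
    An absent setting is a deviation: the baseline requires a known-good value."""
    return [
        (key, expected, observed.get(key))
        for key, expected in baseline.items()
        if observed.get(key) != expected
    ]


def compliance_ratio(baseline, observed):
    """Fraction of baseline items met, for trend reporting across many hosts."""
    met = len(baseline) - len(compare_to_baseline(baseline, observed))
    return met / len(baseline)


if __name__ == "__main__":
    current = parse_export(OBSERVED_EXPORT)
    for key, expected, actual in compare_to_baseline(BASELINE, current):
        print("DEVIATION %s: expected %r, found %r" % (key, expected, actual))
    print("compliance: %.0f%%" % (100 * compliance_ratio(BASELINE, current)))
```

The same comparison, run on a schedule, is also a cheap change-detection control: a setting that drifts from the baseline between two runs is either an unrecorded change or a sign of tampering.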
Software Updates

❑ Patches:
▪ Supplemental code

❑ Hotfixes:
▪ Address specific security flaws

❑ Rollups:
▪ Collection of patches and hotfixes

❑ Service Packs:
▪ Comprehensive updates with new features
Application Blacklisting and Whitelisting

❑ Blacklisting:
✓ preventing identified programs from running.

❑ Whitelisting:
✓ allowing only identified programs to run.
Logging

[Figure: log files are generated from the system and stored]

A log file is a file that records either events that occur in an operating system or other software, or messages between different users of a communication software.
Auditing

[Figure: review security settings]

Site security also provides the ability to audit activities within the facility. This can be done through reviewing camera footage, badge reader logs, visitor registration logs, or other mechanisms.
Anti-malware Software

[Figure: scanning; infections detected: 3; quarantine infected files]

Antimalware (anti-malware) is a type of software program designed to prevent, detect and remove malicious software (malware) on IT systems, as well as individual computing devices.
Types of Anti-malware Software

❑Antivirus
❑Anti-spam
❑Anti-spyware
❑Pop-up blockers
❑Host-based firewalls
Virtualization Security Techniques
❑Establish a patch management system.
❑Apply the least privilege concept.
❑Establish log requirements.
❑Establish secure design for virtual components.
❑Take consistent snapshots of virtual environments.
❑Ensure that virtual hosts are consistently available and elastic.
❑Leverage virtual sandboxes for security testing.
Hardware Security Controls

❑ Logoff and shutdown procedures
❑ Wireless device approval
❑ Properly secured mobile devices
❑ Cable locks
❑ Strong password policies
Non-standard Hosts
❑Hosts and devices with static environments:
✓SCADA
✓Embedded-software systems
✓Mainframe computers
✓Some mobile devices
Security Controls for Non-standard Hosts
❑Layered security:
✓Network segmentation
✓Application firewalls

❑Manual updates:
✓Android
✓iOS

❑Firmware version control:
✓SCADA systems
✓Embedded systems

❑Wrappers
❑Controlling redundancy and diversity
Strong Passwords

[Figure: the example password !Pass1234 meets the minimum length and contains special characters, uppercase letters, numbers and lowercase letters]

A basic component of an information security program is ensuring that employees select and use strong passwords. The strength of a password can be determined by examining the length, complexity, and randomness of the password.
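The three factors named above, length, complexity and randomness, can be scored directly, and doing so shows why the figure's `!Pass1234` ticks every character-class box yet is still a poor password. The following Python is an added example, not from the course or the cited books; the minimum-length and entropy thresholds and the short list of common fragments are constructed assumptions.

```python
# Added example (not from the course slides): scoring a password on length,
# character classes, estimated entropy and known-weak fragments.
import math
import string

# Constructed tiny list; real deployments check against large breached-password lists.
COMMON_FRAGMENTS = ("password", "pass", "1234", "qwerty", "letmein", "admin")

CLASSES = {
    "lower": (string.ascii_lowercase, 26),
    "upper": (string.ascii_uppercase, 26),
    "digit": (string.digits, 10),
    "symbol": (string.punctuation, 32),
}


def character_classes(pw):
    """Names of the character classes present in the password."""
    return {name for name, (chars, _) in CLASSES.items() if any(c in chars for c in pw)}


def estimate_entropy_bits(pw):
    """Upper bound: len * log2(pool), with pool the sum of the class sizes used.
    It is an upper bound because it assumes every character was chosen at random."""
    pool = sum(CLASSES[name][1] for name in character_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def assess_password(pw, min_length=12, min_classes=3, min_bits=60):
    """Return a dict with the measurements and the list of problems found."""
    problems = []
    classes = character_classes(pw)
    bits = estimate_entropy_bits(pw)
    if len(pw) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if len(classes) < min_classes:
        problems.append("uses fewer than %d character classes" % min_classes)
    low = pw.lower()
    for frag in COMMON_FRAGMENTS:
        if frag in low:
            problems.append("contains common fragment %r" % frag)
    if bits < min_bits:
        problems.append("estimated entropy %.0f bits is below %d" % (bits, min_bits))
    return {"length": len(pw), "classes": classes, "entropy_bits": bits,
            "problems": problems, "strong": not problems}


if __name__ == "__main__":
    for candidate in ("!Pass1234", "Tr0ub4dor&3-correct-staple!"):
        report = assess_password(candidate)
        print(candidate, "->", "strong" if report["strong"] else report["problems"])
```

Note that the complexity rule alone passes `!Pass1234`; it is the length and the dictionary fragments ("pass", "1234") that fail it, which is why current guidance weights length and breached-list checks over mandatory character classes.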
Mobile Device Types

❑Smartphones
❑Wi-Fi enabled devices
Mobile Device Vulnerabilities
❑Viruses
❑Spam
❑Lost or stolen devices
Mobile Device Security Controls
❑Use device management.
❑Enable screen lock.
❑Require strong passwords.
❑Use device encryption if available.
❑Require remote wipe/sanitization/lockout.
❑Enable GPS tracking if available.
❑Enforce access control.
❑Enforce application control.
❑Track assets and keep inventory.
❑Limit removable storage use.
❑Implement storage segmentation.
❑Disable unused features.
Mobile Application Security Controls

❑Encryption and key management
❑Credential management
❑Authentication and transitive trust
❑Restricted geo-tagging
❑Application white listing
BYOD Controls
✓Corporate and acceptable use policies
✓On-boarding and off-boarding
✓Data/support ownership
✓Patch and antivirus management
✓Architecture and infrastructure needs
✓Forensics
✓Privacy
✓Control for on-board camera, microphone, and video use
INFORMATION ASSURANCE & SECURITY 1
MODULE 4
IMPLEMENTING
NETWORK SECURITY
OBJECTIVES
Upon completion of this module, the student would be able to:
▪ Define the network components;
▪ Demonstrate the concepts of network analysis tools;
▪ Enumerate the types of network analysis tools;
▪ Explain the types of network monitoring systems;
▪ Discuss how Network Address Translation operates;
▪ Give different deployment models of cloud computing;
▪ Explain the types of networking protocols and services;
▪ Discuss how each networking protocol operates;
▪ Give different FTP protocols;
▪ Explain the types of network administration security;
▪ Discuss how each wireless security protocol works;
▪ Give different wireless security methods.
CONFIGURE SECURITY
PARAMETERS ON NETWORK
DEVICES AND TECHNOLOGIES
Network Components
There are several common components that make up a network:
❑ Device
❑ Media
❑ Network adapter
❑ Network operating system
❑ Protocol
Network Devices
❑Router
❑Switch
❑Firewall
❑Load balancer
❑All-in-one security appliance
Using Dedicated Firewalls to Protect a Network

A firewall is a system that is designed to protect a computer or a computer network from network-based attacks. A firewall does this by filtering the data packets traversing the network.
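"Filtering the data packets" means evaluating each packet against an ordered rule base where the first match decides and anything unmatched falls to an implicit deny (the stance the administration guidelines later in this module ask for). The following Python is an added example, not from the course or the cited books: a small rule evaluator with a constructed rule base and constructed packets.

```python
# Added example (not from the course slides): first-match packet filtering with an
# implicit deny. Rules, addresses and packets are constructed for this page.
import ipaddress

# Rule fields: action, protocol, source network, destination network, destination port.
# "any" is a wildcard. Order matters: the first matching rule wins.
RULES = [
    ("deny",  "any", "192.0.2.0/24",  "any",             "any"),  # explicitly blocked range
    ("allow", "tcp", "any",           "203.0.113.10/32", 80),
    ("allow", "tcp", "any",           "203.0.113.10/32", 443),
    ("allow", "tcp", "10.0.0.0/24",   "203.0.113.10/32", 22),     # management from the admin subnet only
]


def _net_matches(net, ip):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate(rules, packet):
    """Return (action, rule_index); rule_index is None when the implicit deny applied."""
    for i, (action, proto, src, dst, port) in enumerate(rules):
        if proto != "any" and proto != packet["proto"]:
            continue
        if not _net_matches(src, packet["src"]) or not _net_matches(dst, packet["dst"]):
            continue
        if port != "any" and port != packet["dport"]:
            continue
        return action, i
    return "deny", None   # implicit deny: nothing matched


def filter_log(rules, packets):
    """Apply the rule base to a batch and produce one log line per packet."""
    lines = []
    for p in packets:
        action, idx = evaluate(rules, p)
        why = "rule %d" % idx if idx is not None else "implicit deny"
        lines.append("%s %s %s -> %s:%s (%s)" % (
            action.upper(), p["proto"], p["src"], p["dst"], p["dport"], why))
    return lines


# Constructed traffic sample.
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 443},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 22},
    {"proto": "tcp", "src": "10.0.0.5",     "dst": "203.0.113.10", "dport": 22},
    {"proto": "tcp", "src": "192.0.2.9",    "dst": "203.0.113.10", "dport": 80},
    {"proto": "udp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 53},
]

if __name__ == "__main__":
    print("\n".join(filter_log(RULES, PACKETS)))
```

The order of the rules is the point to notice: if the explicit deny for 192.0.2.0/24 were placed after the allow for port 80, a packet from that range to the web server would be allowed by the earlier rule and the deny would never be reached.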
OSI Model and Security

❑ Identify threats and targets.
❑ Identify how threats will impact your network.
❑ Secure your network by layers.
When to Use a Hardware Firewall Instead of a Software Firewall
There are two basic types of software firewall:
▪ Host firewall
▪ Network firewall
Network Analysis Tools
❑ Sniffers
❑ Protocol analyzers

With an understanding of the network infrastructure, the next step is to analyze the logs to see which traffic is allowed and which traffic is blocked.

▪ Ingress traffic
▪ Egress traffic
VLAN - Virtual Local Area Network

[Figure: VLAN1 and VLAN2 on one switch]

A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer.
Subnet

[Figure: the Human Resources and Accounting subnets of one network]

It is any broadcast domain that is partitioned and isolated in a computer network at the data link layer.
IDS - Intrusion Detection Systems

[Figure: a sensor scans for signs of attack]

Intrusion detection systems (IDS) are designed to detect unauthorized user activities, attacks, and network compromises.
IPS - Intrusion Prevention System

[Figure: the IPS monitors and blocks suspicious activity]

An intrusion prevention system (IPS) is very similar to an IDS, except that in addition to detecting and alerting, an IPS can also take action to prevent the breach from occurring.
NIDS - Network-based Intrusion Detection System

[Figure: a NIDS monitors traffic and sends alerts when suspicious traffic is detected]

A network-based IDS (NIDS) monitors network traffic using sensors that are located at key locations within the network, often in the demilitarized zone (DMZ) or at network borders.
Wireless IDS

[Figure: a WIDS monitors wireless traffic and sends alerts when suspicious activity is detected]

The WIDS is the software that detects an attack on a wireless network or wireless system.
Network IPS

[Figure: a network IPS monitors and blocks suspicious activity on the network]

Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Wireless IPS

[Figure: a WIPS monitors for and blocks rogue access points on the network]

A wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
Guidelines for Applying Network Security Administration Principles

❑Manage network devices so that they are configured according to security policies.
❑Maintain documentation for all current server configurations.
❑Establish and document baselines.
❑Implement strong ACLs and implement implicit deny.
❑Update antivirus software regularly.
❑Configure only required network services.
❑Disable unused interfaces and unused application service ports.
❑Create and implement a DRP.
❑Apply security updates and patches.
❑Encrypt sensitive data.
❑Check event logs for unusual activity.
❑Monitor network activity.
NETWORK DESIGN ELEMENTS,
IMPLEMENT NETWORKING
PROTOCOLS AND SERVICES
Network Monitoring Systems

Network monitoring software is designed to monitor and manage the network traffic flow over a network.
Types of Network Monitoring Systems

❑ Behavior-based
❑ Signature-based
❑ Anomaly-based
❑ Heuristic
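The two approaches that the IDS slides and this list keep contrasting, signature-based and anomaly-based, are easiest to see side by side on the same traffic: one matches known-bad patterns, the other learns what normal volume looks like and flags outliers. The following Python is an added example, not from the course or the cited books; the signatures, the request records and the training counts are all constructed.

```python
# Added example (not from the course slides): signature-based versus
# anomaly-based detection on constructed HTTP request records.
import re
import statistics
from urllib.parse import unquote

# Signature-based: known-bad patterns (constructed, illustrative, deliberately few).
SIGNATURES = [
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1")),
    ("path-traversal", re.compile(r"\.\./")),
    ("script-injection", re.compile(r"(?i)<script")),
]

# Constructed HTTP requests: (source IP, request path with query string).
REQUESTS = [
    ("10.0.0.5", "/login?user=bob&pass=secret"),
    ("10.0.0.9", "/login?user=admin'%20or%20'1'='1&pass=x"),
    ("10.0.0.9", "/download?file=../../etc/passwd"),
    ("10.0.0.7", "/search?q=<script>alert(1)</script>"),
    ("10.0.0.5", "/products?id=42"),
]


def signature_alerts(requests):
    """Match each request (URL-decoded first, so encoding does not hide the pattern)."""
    alerts = []
    for src, path in requests:
        decoded = unquote(path)
        for name, pattern in SIGNATURES:
            if pattern.search(decoded):
                alerts.append((src, name, path))
    return alerts


# Anomaly-based: learn normal per-source request volume, then flag statistical outliers.
BASELINE_COUNTS = [5, 6, 4, 7, 5, 6, 5, 4]   # constructed requests/minute per source (training)
OBSERVED_COUNTS = {"10.0.0.5": 6, "10.0.0.9": 60, "10.0.0.7": 5}   # constructed observation


def anomaly_threshold(training, sigmas=3):
    """Mean plus `sigmas` standard deviations of the training sample."""
    return statistics.mean(training) + sigmas * statistics.stdev(training)


def anomaly_alerts(observed, training, sigmas=3):
    limit = anomaly_threshold(training, sigmas)
    return sorted((src, count) for src, count in observed.items() if count > limit)


if __name__ == "__main__":
    for src, name, path in signature_alerts(REQUESTS):
        print("SIGNATURE %-16s %s %s" % (name, src, path))
    for src, count in anomaly_alerts(OBSERVED_COUNTS, BASELINE_COUNTS):
        print("ANOMALY   %s sent %d requests/min (limit %.1f)" % (src, count, anomaly_threshold(BASELINE_COUNTS)))
```

Each method misses what the other catches: the signature list says nothing about the host sending sixty requests a minute, and the volume statistic says nothing about a single well-formed injection attempt. That complementarity is why monitoring systems combine them.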
Web Security Gateway

[Figure: a web security gateway with a blocked websites list and tracking software]

A Web security gateway is a type of security solution that prevents unsecured traffic from entering an internal network of an organization.
DMZ - Demilitarized Zones

[Figure: a web server placed in the DMZ]

DMZs are designed to provide access to systems without jeopardizing the internal network.
NAT - Network Address Translation

[Figure: a NAT server with public address 24.96.83.120 in front of internal hosts 192.168.12.20, 192.168.12.30 and 192.168.12.100]

Network Address Translation (NAT) is a technique used to modify the network address information of a host while traffic is traversing a router or firewall.
There are two main types of NAT:

Static NAT is used when the translated device needs to be accessible from the public network.

Dynamic NAT is more commonly used when many hosts on the internal network need to access the internet and don't have a requirement for a static address.
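The two NAT types, and the side effect that makes NAT a security feature (an unsolicited packet from the Internet finds no mapping and is dropped), can be modelled with a small translation table. The following Python is an added example, not from the course or the cited books; it uses the public address and internal hosts from the figure, while the second public address for the static mapping (24.96.83.121) and the `NatGateway` class are constructed.

```python
# Added example (not from the course slides): a NAT translation table with a
# static 1:1 mapping for a server and dynamic port-overloaded mappings for clients.
import ipaddress


class NatGateway:
    """Hypothetical NAT device: one public address shared by outbound client
    traffic, plus static mappings for servers that must be reachable from outside."""

    def __init__(self, public_ip, static=None, first_port=40000):
        self.public_ip = public_ip
        self.static = dict(static or {})   # inside IP -> dedicated public IP (static NAT)
        self.table = {}                    # (inside ip, inside port) -> public port
        self.reverse = {}                  # public port -> (inside ip, inside port)
        self._next_port = first_port

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the private network."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("not a private source address: " + src_ip)
        if src_ip in self.static:
            return self.static[src_ip], src_port         # static NAT keeps the port
        key = (src_ip, src_port)
        if key not in self.table:                        # dynamic NAT: allocate on first use
            self.table[key] = self._next_port
            self.reverse[self._next_port] = key
            self._next_port += 1
        return self.public_ip, self.table[key]

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of a packet arriving from the Internet.
        Returns (inside ip, inside port), or None when the packet must be dropped."""
        for inside, public in self.static.items():
            if public == dst_ip:
                return inside, dst_port                  # statically mapped server is reachable
        if dst_ip == self.public_ip and dst_port in self.reverse:
            return self.reverse[dst_port]                # reply to an existing outbound flow
        return None                                      # unsolicited: no mapping exists


if __name__ == "__main__":
    nat = NatGateway("24.96.83.120", static={"192.168.12.100": "24.96.83.121"})
    print(nat.outbound("192.168.12.20", 51000))   # client flow gets a public port
    print(nat.inbound("24.96.83.120", 40000))     # the reply is mapped back
    print(nat.inbound("24.96.83.120", 40999))     # nothing asked for this: dropped
```

Real devices key dynamic entries on the full 5-tuple and age them out; the point preserved here is that only flows the inside initiated, plus explicitly published servers, are reachable from outside.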
VPN - Virtual Private Network

VPN (Virtual Private Network) is a technology that uses encrypted tunnels to create secure connections across public networks like the internet.
VPN Concentrator

[Figure: a VPN concentrator at the main office terminating tunnels from remote users and a branch office]

A VPN concentrator is a type of networking device that provides secure creation of VPN connections and delivery of messages between VPN nodes.
Virtualization

Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware.
Cloud Computing

Cloud computing means storing and accessing data and programs over the Internet instead of your computer's hard drive.
Cloud Computing Deployment Models

❑Private
❑Public
❑Community
❑Hybrid
Cloud Computing Service Types
• SaaS - Software as a Service
• PaaS - Platform as a Service
• IaaS - Infrastructure as a Service
DNS - Domain Name System (or Service or Server)

[Figure: a DNS server resolves www.comptia.org (comptia.org) to 209.117.62.36]
HTTP - Hypertext Transfer Protocol

[Figure: HTTP between a web client and a web server]

HTTP is the protocol used to transfer data over the web.

HTTPS

[Figure: HTTPS runs HTTP over SSL/TLS]

HTTPS, the secure version of HTTP web browsing, uses the SSL protocol.
SSL/TLS
1 Request secure connection

2 Send certificate and public key

3 Negotiate encryption
SECURE SHELL (SSH)

[Figure: the SSH tunnel; the session is encrypted]

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.
Telnet

[Figure: a Telnet session exposed to a man in the middle]

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections.
Some of the applications supported with SSH include the following:
❑ Secure logon
❑ Secure remote command execution
❑ Secure file transfer
❑ Secure backup, copy, and mirroring of files
❑ Creation of VPN connections (when used in conjunction with the
OpenSSH server and client)
SNMP - Simple Network Management Protocol

[Figure: SNMP agents on a server, a router and a printer report to the SNMP management system]

Simple Network Management Protocol (SNMP) is a set of protocols for network management and monitoring.
ICMP

[Figure: a router between a sending node and a receiving node returns a buffer flood warning]

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite.
IPSec
❑ Data security in transit
❑ Data authenticity and integrity
❑ Anti-replay protection
❑ Non-repudiation
❑ Eavesdropping and sniffing protection

IPSec Standards

Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data sent over an Internet Protocol network.
NetBIOS
❑Applications communicate across network
❑Connection communication over sessions
❑Connectionless datagram communication
❑Name registration
❑Vulnerable to analysis by malicious users
❑Implement strong passwords
❑Disallow root access
❑Disable null sessions

The BIOS provides an interface between the computer's operating system and the hardware.
File Transfer Protocols

FTP is used to transfer files between computers on a network.

SFTP (SSH File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream.

FTPS (FTP/SSL) is a name used to provide a number of ways that FTP software can perform secure file transfers.

TFTP - Trivial File Transfer Protocol is a file transfer protocol similar to FTP, but is much more limited.
Ports and Port Ranges

A port is:
❑ Endpoint of logical connections
❑ Numbered from 0 to 65,535
❑ Split into three blocks:
✓ Well-known ports
✓ Registered ports
✓ Dynamic ports
APPLY SECURE NETWORK
ADMINISTRATION PRINCIPLES
/ SECURE WIRELESS TRAFFIC
Network Administration Security Methods
❑Flood guards
❑Loop protection
❑Port security
❑MAC limiting
❑MAC filtering
❑Network separation
❑VLAN management
❑Implicit deny
❑Log analysis
Network Administration Security Methods

Flood guards serve as a preventive control against denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.

Loop protection increases the efficiency of STP, RSTP, and MSTP by preventing ports from moving into a forwarding state that would result in a loop opening up in the network.

Port security enables an administrator to configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port.

MAC limiting protects against flooding of the Ethernet switching table, and is enabled on Layer 2 interfaces (ports).

MAC filtering refers to a security access control method whereby the MAC address assigned to each network card is used to determine access to the network.

Network separation is the tool used for dividing a network into smaller parts which are called subnetworks or network segments.
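Port security, MAC limiting and MAC filtering are all decisions a switch makes per frame from the source MAC address, so they can be shown in one model of an access port. The following Python is an added example, not from the course, the cited books or any vendor's software; the `SecuredSwitchPort` class, its port names and the MAC addresses are constructed.

```python
# Added example (not from the course slides): a model of an access port enforcing a
# MAC limit (port security / MAC limiting) and an optional static MAC filter.


class SecuredSwitchPort:
    """Hypothetical access port. With `allowed` empty it learns up to max_macs source
    addresses (sticky learning); with `allowed` set it accepts only those addresses."""

    def __init__(self, name, max_macs=1, allowed=None, violation="shutdown"):
        self.name = name
        self.max_macs = max_macs
        self.allowed = {m.lower() for m in (allowed or [])}   # static MAC filter
        self.learned = set()
        self.violation = violation   # "shutdown" (err-disable the port) or "restrict" (drop + count)
        self.shutdown = False
        self.violations = 0

    def frame_from(self, mac):
        """Decide what happens to a frame arriving with this source MAC."""
        mac = mac.lower()
        if self.shutdown:
            return "dropped (port err-disabled)"
        if self.allowed and mac not in self.allowed:
            return self._violate(mac)
        if mac in self.learned or mac in self.allowed:
            return "forwarded"
        if len(self.learned) >= self.max_macs:
            return self._violate(mac)     # one more source than the limit allows
        self.learned.add(mac)
        return "forwarded (learned)"

    def _violate(self, mac):
        self.violations += 1
        if self.violation == "shutdown":
            self.shutdown = True
            return "violation by %s: port shut down" % mac
        return "violation by %s: frame dropped" % mac


if __name__ == "__main__":
    port = SecuredSwitchPort("Gi0/1", max_macs=2)
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "de:ad:be:ef:00:99", "aa:bb:cc:00:00:01"):
        print(mac, "->", port.frame_from(mac))
```

The "shutdown" action is the stronger response to a MAC-flooding attempt; "restrict" keeps the port usable for the legitimate addresses while counting violations for the administrator to investigate. Neither stops an attacker who spoofs an already-learned address, which is why MAC controls are a layer, not the whole answer.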
VLAN management is a network switch that contains a mapping of device information to VLAN.

Implicit deny is a security stance that treats everything not given specific and selective permission as suspicious.

Log analysis is the term used for analysis of computer-generated records for helping organizations, businesses or networks in proactively and reactively mitigating different risks.
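Log analysis as a reactive control, and the logging slide in the previous module, both come down to parsing records and correlating them over time. The following Python is an added example, not from the course or the cited books: it parses constructed sshd-style syslog lines, flags a burst of failed logins from one source, and then flags a success from that same source as worth a closer look. The log lines and thresholds are constructed.

```python
# Added example (not from the course slides): parsing authentication log lines and
# correlating a failed-login burst with a later success. Data is constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines in the usual sshd format (addresses are documentation ranges).
AUTH_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 4111 ssh2
Mar  3 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 4112 ssh2
Mar  3 10:00:04 host sshd[1003]: Failed password for bob from 203.0.113.5 port 4113 ssh2
Mar  3 10:00:06 host sshd[1004]: Failed password for bob from 203.0.113.5 port 4114 ssh2
Mar  3 10:00:09 host sshd[1005]: Failed password for bob from 203.0.113.5 port 4115 ssh2
Mar  3 10:00:15 host sshd[1006]: Accepted password for bob from 203.0.113.5 port 4116 ssh2
Mar  3 10:07:40 host sshd[1007]: Failed password for alice from 198.51.100.7 port 5200 ssh2
Mar  3 10:07:50 host sshd[1008]: Accepted password for alice from 198.51.100.7 port 5201 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Return (timestamp, result, user, source) tuples; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")   # syslog omits the year
            events.append((ts, m.group("result"), m.group("user"), m.group("src")))
    return events


def find_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source reaching `threshold` failures inside `window`, and again
    for any later success from that source (a login that deserves review)."""
    failures = defaultdict(list)
    flagged = {}
    alerts = []
    for ts, result, user, src in events:
        if result == "Failed":
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) >= threshold and src not in flagged:
                flagged[src] = ts
                alerts.append((src, "brute-force", len(failures[src])))
        elif src in flagged:
            alerts.append((src, "success-after-brute-force", user))
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force(parse_auth_log(AUTH_LOG)):
        print(alert)
```

The single failure from 198.51.100.7 followed by a success is ordinary user behaviour and produces nothing; the burst from 203.0.113.5 followed by a success is the pattern that turns a log file into an incident ticket.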
Guidelines for Applying Network Security Administration Principles

✓ Manage network devices so that they are configured according to security policies.
✓ Maintain documentation for all current server configurations.
✓ Establish and document baselines.
✓ Implement strong ACLs and implement implicit deny.
✓ Update antivirus software regularly.
✓ Configure only required network services.
✓ Disable unused interfaces and unused application service ports.
✓ Create and implement a DRP.
✓ Apply security updates and patches.
✓ Encrypt sensitive data.
✓ Check event logs for unusual activity.
✓ Monitor network activity.
Wireless Networks

❑ Portable
❑ Inexpensive
❑ No obtrusive cabling
❑ Introduces new, significant security issues

A wireless LAN (WLAN) allows users to connect to a network while allowing them to remain mobile.
WIRELESS STANDARDS

Wireless standards are a set of services and protocols that dictate how your Wi-Fi network (and other data transmission networks) acts.

802.11: There were actually two variations on the initial 802.11 wireless standard. Both offered 1 or 2Mbps transmission speeds and the same RF of 2.4GHz.

802.11a - The first "letter" following the June 1997 approval of the 802.11 standard, this one provided for operation in the 5GHz frequency, with data rates up to 54Mbps.

802.11b - Released in September 1999, it's most likely that your first home router was 802.11b, which operates in the 2.4GHz frequency and provides a data rate up to 11 Mbps.

802.11g - offers wireless transmission over distances of 150 feet and speeds up to 54Mbps compared with the 11Mbps of the 802.11b standard.

802.11n (Wi-Fi 4)

802.11ac (Wi-Fi 5) - Current home wireless routers are likely 802.11ac-compliant, and operate in the 5 GHz frequency space.
Wireless Security Protocols

Wireless security is the prevention of unauthorized access or damage to computers or data by means of wireless networks.

WEP was included as part of the original IEEE 802.11 standard and was intended to provide privacy.

WPA was designed as the interim successor to WEP.

WPA2 is the security method added to WPA for wireless networks that provides stronger data protection and network access control.

WPA3, released in June 2018, is the successor to WPA2, which security experts describe as “broken.”
Wireless Security Methods

❑Configure access point settings.
❑Adjust SSID settings.
❑Enable encryption.
❑Configure network security settings.
❑Adjust antenna and power source placement.
❑Adjust client settings.
Understanding Service Set IDentifier (SSID)

The most basic component of the wireless network is the SSID.

While there aren’t any specific security capabilities associated with the SSID, there are some security considerations that should be taken into account:

✓ Choose your own SSID
✓ Follow naming conventions
✓ Turn off your SSID
Captive Portals

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources.
Site Surveys

Site surveys are inspections of an area where work is proposed, to gather information for a design or an estimate to complete the initial tasks required for an outdoor activity.
Guidelines for Securing Wireless Traffic

❑Keep sensitive data off of wireless devices.
❑Install antivirus software on wireless devices.
❑Harden wireless devices and routers.
❑Use a VPN with IPSec.
❑Conduct a site survey.
❑Implement security protocols.
❑Implement authentication and access control.
❑Implement an IDS.
❑Avoid relying on MAC filtering and disabling SSID broadcasts.
❑Implement captive portals that require login credentials.
❑Follow hardware and software vendors’ security recommendations.
❑Document all changes.