Computer Networks/Security
Appearance
This lesson introduces network security.
Objectives and Skills
[edit | edit source]Objectives and skills for the network security portion of Network+ certification include:[1]
- Compare and contrast risk related concepts
- Disaster recovery
- Business continuity
- Battery backups/UPS
- First responders
- Data breach
- End user awareness and training
- Single point of failure
- Critical nodes
- Critical assets
- Redundancy
- Adherence to standards and policies
- Vulnerability scanning
- Penetration testing
- Compare and contrast common network vulnerabilities and threats
- Attacks/threats
- Denial of service
- Distributed DoS
- Botnet
- Traffic spike
- Coordinated attack
- Reflective/amplified
- DNS
- NTP
- Smurfing
- Friendly/unintentional DoS
- Physical attack
- Permanent DoS
- Distributed DoS
- ARP cache poisoning
- Packet/protocol abuse
- Spoofing
- Wireless
- Evil twin
- Rogue AP
- War driving
- War chalking
- Bluejacking
- Bluesnarfing
- WPA/WEP/WPS attacks
- Brute force
- Session hijacking
- Social engineering
- Man-in-the-middle
- VLAN hopping
- Compromised system
- Effect of malware on the network
- Insider threat/malicious employee
- Zero day attacks
- Denial of service
- Vulnerabilities
- Unnecessary running services
- Open ports
- Unpatched/legacy systems
- Unencrypted channels
- Clear text credentials
- Unsecure protocols
- TELNET
- HTTP
- SLIP
- FTP
- TFTP
- SNMPv1 and SNMPv2
- TEMPEST/RF emanation
- Attacks/threats
- Given a scenario, implement network hardening techniques
- Anti-malware software
- Host-based
- Cloud/server-based
- Network-based
- Switch port security
- DHCP snooping
- ARP inspection
- MAC address filtering
- VLAN assignments
- Network segmentation
- Security policies
- Disable unneeded network services
- Use secure protocols
- SSH
- SNMPv3
- TLS/SSL
- SFTP
- HTTPS
- IPsec
- Access lists
- Web/content filtering
- Port filtering
- IP filtering
- Implicit deny
- Wireless security
- WEP
- WPA/WPA2
- Enterprise
- Personal
- TKIP/AES
- 802.1x
- TLS/TTLS
- MAC filtering
- User authentication
- CHAP/MSCHAP
- PAP
- EAP
- Kerberos
- Multifactor authentication
- Two-factor authentication
- Single sign-on
- Hashes
- MD5
- SHA
- Anti-malware software
- Compare and contrast physical security controls
- Mantraps
- Network closets
- Video monitoring
- IP cameras/CCTVs
- Door access controls
- Proximity readers/key fob
- Biometrics
- Keypad/cipher locks
- Security guard
- Summarize basic forensic concepts
- First responder
- Secure the area
- Escalate when necessary
- Document the scene
- eDiscovery
- Evidence/data collection
- Chain of custody
- Data transport
- Forensics report
- Legal hold
- Given a scenario, troubleshoot and resolve common security issues
- Misconfigured firewall
- Misconfigured ACLs/applications
- Malware
- Denial of service
- Open/closed ports
- ICMP related issues
- Ping of death
- Unreachable default gateway
- Unpatched firmware/OSs
- Malicious users
- Trusted
- Untrusted users
- Packet sniffing
- Authentication issues
- TACACS/RADIUS misconfigurations
- Default passwords/settings
- Improper access/backdoor access
- ARP issues
- Banner grabbing/OUI
- Domain/local group configurations
- Jamming
Readings
[edit | edit source]- Wikipedia: Network security and related articles.
Multimedia
[edit | edit source]- YouTube: Business Risk - CompTIA Network+ N10-006 - 3.1
- YouTube: Single Point of Failure - CompTIA Network+ N10-006 - 3.1
- YouTube: Vulnerability Scanning - CompTIA Network+ N10-006 - 3.1
- YouTube: Penetration Testing - CompTIA Network+ N10-006 - 3.1
- YouTube: Denial of Service - CompTIA Network+ N10-006 - 3.2
- YouTube: Wireless Network Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Wireless Protocol Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Brute Force Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Session Hijacking - CompTIA Network+ N10-006 - 3.2
- YouTube: Social Engineering - CompTIA Network+ N10-006 - 3.2
- YouTube: Man in the Middle Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: VLAN Hopping - CompTIA Network+ N10-006 - 3.2
- YouTube: Compromised Systems - CompTIA Network+ N10-006 - 3.2
- YouTube: Insider Threats - CompTIA Network+ N10-006 - 3.2
- YouTube: Zero-day Attacks - CompTIA Network+ N10-006 - 3.2
- YouTube: Operating System Vulnerabilities - CompTIA Network+ N10-006 - 3.2
- YouTube: Anti-Malware Software - CompTIA Network+ N10-006 - 3.3
- YouTube: Switch Port Security - CompTIA Network+ N10-006 - 3.3
- YouTube: Security Policies - CompTIA Network+ N10-006 - 3.3
- YouTube: Disabling Unneeded Network Services - CompTIA Network+ N10-006 - 3.3
- YouTube: Using Secure Protocols - CompTIA Network+ N10-006 - 3.3
- YouTube: Access Lists - CompTIA Network+ N10-006 - 3.3
- YouTube: Wireless Security - CompTIA Network+ N10-006 - 3.3
- YouTube: User Authentication - CompTIA Network+ N10-006 - 3.3
- YouTube: Hashing - CompTIA Network+ N10-006 - 3.3
- YouTube: Physical Security Controls - CompTIA Network+ N10-006 - 3.4
- YouTube: Basic Forensic Concepts - CompTIA Network+ N10-006 - 3.7
- YouTube: Troubleshooting Firewall Security Issues - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Operating System Security Issues - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Denial of Service - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting ICMP and ARP - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Malicious User Activities - CompTIA Network+ N10-006 - 4.7
- YouTube: Troubleshooting Authentication Issues - CompTIA Network+ N10-006 - 4.7
Activities
[edit | edit source]- Manage user accounts, group accounts, and permissions.
- Review HowToGeek: Windows Networking - Sharing Files and Resources.
- Review Microsoft: Create User Account and Microsoft: Why Use a Standard User Account. Create a standard user account.
- Review Microsoft: User Groups. Create a new group.
- Review Microsoft: Add a User Account to a Group. Add the new user account to the new group.
- Review Microsoft: What are Permissions?. Create a new folder and set permissions on the folder so that the new group has full control of the folder. Remove all other users and groups from folder permissions.
- Attempt to open the folder. You should be denied access. As creator of the folder, you can modify permissions on the folder, but because you do not have permission to read the folder, you may not open it.
- Log into the computer as the new user and attempt to open the folder. You should be able to access the folder.
- To clean up, log in using your administrator account. Change permissions on the folder to give yourself full control. Then delete the folder. Delete the new user account and new group account.
- Configure Password Policy and Account Lockout Policy.
- Review Wikipedia: Password policy and Microsoft: Change Password Policy Settings.
- Examine password policy settings on your system and consider adding restrictions such as minimum password length, password complexity requirements.
- Review Microsoft: How to Configure Security Policy Settings and Microsoft: Configuring Account Lockout Policies.
- Examine account lockout policy settings on your system and consider adding restrictions on account lockout threshold and account lockout duration.
- Use a network scanner to audit your network.
- Review Wikipedia: Nmap nmap documentation.
- Download and install Nmap.
- Review Linux.com: Audit Your Network with Zenmap.
- Use ipconfig to display your host IP address. Based on the address displayed, use Zenmap to scan your network.
- Based on the results of the scan, adjust any device settings necessary to reduce vulnerabilities and harden the network.
- Back up your system and restore files.
- Review Microsoft: Back Up Files.
- Perform a full system backup. If you don't have enough external storage space for a full backup, consider backing up important files and folders to cloud storage.
- Restore one or more files from the backup.
- Examine physical security and risk scenarios for your network environment.
- What physical security controls are in place for your building and your network / computer equipment?
- What risk management practices are in place, such as disaster recovery plans, battery backup, data backup, redundancy, vulnerability scanning, and user training?
- Are any changes necessary to improve physical security or reduce risk?