CISSP Domain: Telecommunications and Network Security

Web Security

- Threats: phishing, browser hijacking
- SSL/TLS (SSL 3.0; TLS 1.0 was derived from it, but the two do not interoperate directly: a peer must negotiate one or the other)
  - Based on the X.509 certificate standard; uses public-key verification of the server (and optionally of the client)
  - Design goals: transport-layer cryptographic security, interoperability, extensibility, relative efficiency
  - Layered above a reliable transport protocol such as TCP
  - Session keys: symmetric keys negotiated during the handshake; historically 40-bit (export) or 128-bit
  - SSL Record Protocol: encapsulates higher-level protocols (HTTP, and the handshake messages themselves)
  - SSL Handshake Protocol: client/server (mutual) authentication, negotiation of the cryptographic algorithms, exchange of keys
  - Message encryption with symmetric ciphers such as IDEA, 3DES, RC4
  - Mutual authentication with public-key cryptography: DSS and RSA
  - Message integrity verification with a message authentication code (MAC) built on MD5 or SHA
  - Caveat: SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated (RFC 6176, RFC 7568, RFC 8996), as are RC4 and MD5-based MACs; current deployments should require TLS 1.2 or 1.3
- S-HTTP (Secure HTTP) and HTTPS
  - S-HTTP was designed to provide secure messaging over HTTP on a per-message basis, rather than securing the whole transport the way HTTPS (HTTP over SSL/TLS) does
  - An S-HTTP-enabled entity can still communicate with one that is not (it falls back to plain HTTP)
  - Supports a symmetric-key encryption-only mode (no public-key certificates required)

Network Attacks and Abuse

- Logon abuse
- Inappropriate system use
- Eavesdropping: passive (listening only) and active (tampering with the traffic)
- Back doors
- Piggybacking
- Network intrusion
- DoS - Denial of Service
- Session hijacking
  - IP spoofing
  - C2MYAZZ (an SMB logon spoofing utility that causes Windows clients to send their password in cleartext)
  - TCP sequence number attack (predicting the next sequence number in order to inject segments into an established connection)
  - DNS poisoning / cache poisoning
- Fragmentation attacks
  - Tiny fragment attack: the first fragment is so small that the TCP header, including the port fields, spills into the second fragment, and a filter that inspects only the first fragment lets the datagram through
  - Overlapping fragment attack: a later fragment's offset overlaps an earlier one, overwriting header fields after the filter has already inspected them
- Dial-up attacks
  - War dialing / demon dialing: dialing ranges of numbers to find answering modems
  - ToneLoc (a war-dialing tool)

Intrusion Detection and Response

- IDS types: host-based IDS; network-based IDS
- IDS approaches: knowledge-based (signature); behavior-based (anomaly)
- Signature types: string signature; port signature; header condition signature
- IDS placement: a hub between the monitored connections, or a spanning (mirror) port on a switch
- Honeypots
- Incident Response Management
  - Primary directive: provide the ability to respond quickly and effectively; contain and repair the damage from incidents; prevent future damage
  - Tasks: analysis of an event notification; response to an incident if the analysis warrants it; escalation path procedures; resolution, post-incident follow-up, and reporting to the appropriate parties
- Computer Incident Response Team (CIRT)
  - Coordinates the notification and distribution of information pertaining to the incident to the appropriate parties through a predefined path
  - Mitigates risk by minimizing the disruptions to normal business activities and the costs associated with remediating the incident
  - Assembles teams of technical personnel to investigate the potential vulnerabilities and to resolve intrusions
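The two fragmentation attacks above are easy to state and easy to get wrong in a filter, so here is an added example (not part of the original outline) that applies the checks a filter or IDS would run over fragment metadata. It works on fragment descriptors rather than raw packets; the three sample datagrams are constructed, and the 20-byte minimum-first-fragment threshold is an assumption stricter than the RFC 1858 rule, which only insists that the TCP flags octet be present.

```python
"""Flag tiny-fragment and overlapping-fragment patterns in IP fragment metadata.

Added example (not from the page). It works on fragment descriptors, not raw
packets; the three sample datagrams below are constructed.
"""
from dataclasses import dataclass
from typing import List

PROTO_TCP = 6
# Assumed threshold: require the full 20-byte minimum TCP header in the first
# fragment. RFC 1858 only insists that the flags octet be present.
TCP_MIN_HEADER = 20


@dataclass
class Fragment:
    dgram_id: int   # IP Identification field, shared by all fragments of one datagram
    protocol: int   # IP Protocol field
    offset: int     # fragment offset in bytes (the header field counts 8-byte units)
    length: int     # payload bytes carried by this fragment
    more: bool      # More Fragments (MF) flag


@dataclass
class Verdict:
    dgram_id: int
    reason: str


def check_fragments(frags: List[Fragment]) -> List[Verdict]:
    """Return one Verdict per suspicious fragment; an empty list means nothing matched."""
    verdicts = []
    covered = {}  # dgram_id -> [(start, end)] byte ranges already seen
    for f in frags:
        if f.offset % 8:
            verdicts.append(Verdict(f.dgram_id, "offset is not a multiple of 8"))
            continue
        # Tiny fragment: the first fragment of a TCP datagram is too short to hold the
        # transport header, so the port fields land in fragment 2 and a filter that only
        # looks at fragment 1 cannot apply its port rules.
        if f.protocol == PROTO_TCP and f.offset == 0 and f.more and f.length < TCP_MIN_HEADER:
            verdicts.append(Verdict(f.dgram_id, f"tiny first fragment: {f.length} bytes < {TCP_MIN_HEADER}"))
        # RFC 1858 rule: a TCP fragment at offset 1 (8 bytes) can only be rewriting the
        # header bytes that the first fragment already carried.
        if f.protocol == PROTO_TCP and f.offset == 8:
            verdicts.append(Verdict(f.dgram_id, "TCP fragment at offset 1 would overwrite the header"))
        # Generic overlap: this fragment's byte range intersects one seen earlier.
        start, end = f.offset, f.offset + f.length
        ranges = covered.setdefault(f.dgram_id, [])
        for s, e in ranges:
            if start < e and s < end:
                verdicts.append(Verdict(f.dgram_id, f"fragment [{start},{end}) overlaps [{s},{e})"))
                break
        ranges.append((start, end))
    return verdicts


# Constructed sample datagrams.
NORMAL = [Fragment(1, PROTO_TCP, 0, 1480, True), Fragment(1, PROTO_TCP, 1480, 520, False)]
TINY = [Fragment(2, PROTO_TCP, 0, 8, True), Fragment(2, PROTO_TCP, 8, 1472, False)]
OVERLAP = [Fragment(3, PROTO_TCP, 0, 24, True), Fragment(3, PROTO_TCP, 8, 16, False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("tiny", TINY), ("overlap", OVERLAP)):
        print(name, [v.reason for v in check_fragments(frags)])
```

Note that the tiny-fragment datagram also trips the offset-1 rule, because pushing the ports into fragment 2 forces that fragment to start at offset 8; the two checks are complementary views of the same trick, which is why RFC 1858 recommends keeping both.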

CIA Triad

- Confidentiality: network security protocols; network authentication services; data encryption services
- Integrity: firewall services; communications security management; intrusion detection services
- Availability: fault tolerance for data availability (backups and redundant disk systems); acceptable logins and operating process performance; reliable and interoperable security processes and network security mechanisms

Wireless Technologies

- 802.11: the original standard; 1 or 2 Mbps in the 2.4 GHz band; modulation is PSK (phase-shift keying)
- 802.11a: 54 Mbps in the 5 GHz band
- 802.11b: 11 Mbps in the 2.4 GHz band
- 802.11e: QoS and multimedia support
- 802.11f: how data is shared and authenticated between APs, to support seamless roaming
- 802.11g: 20 to 54 Mbps in the 2.4 GHz band
- 802.11h: enhances 802.11a to allow use in Europe
- 802.11i: TKIP, which generates more complex dynamic keys; CCMP, which uses the AES algorithm in CCM mode (counter mode with CBC-MAC); not backward compatible. Caveat: TKIP was a stop-gap for WEP-era hardware and is now deprecated; CCMP is the mode to require
- 802.11n: 100 to 600 Mbps in the 2.4 GHz and 5 GHz bands
- 802.15: defines Wireless Personal Area Networks (WPAN), such as Bluetooth, in the 2.4 to 2.5 GHz band
- 802.1X: port-based network access control standard
- WAP (Wireless Application Protocol) stack
  1. Application: WAE - Wireless Application Environment
  2. Session: WSP - Wireless Session Protocol
  3. Transaction: WTP - Wireless Transaction Protocol
  4. Security: WTLS - Wireless Transport Layer Security
  5. Transport: WDP - Wireless Datagram Protocol

Network Topologies

- Bus, Ring, Star, Tree, Mesh

OSI Model (Open Systems Interconnection)

- 7. Application layer: FTP, TFTP, LPD, SMTP, HTTP (WWW)
- 6. Presentation layer: data formats such as JPEG, MIDI, MPEG, TIFF
- 5. Session layer: NFS, SQL, RPC
  - Session phases: connection establishment, data transfer, connection release
  - Duplex modes: simplex, half-duplex, full duplex
- 4. Transport layer: TCP, UDP, SPX
- 3. Network layer: IP, OSPF, ICMP, RIP; message routing, error detection, control of node data traffic

Network Availability

- High availability and fault tolerance
  - Redundant servers: server fault tolerance on the concept of RAID 1 (mirroring); the primary server mirrors its data to a secondary server; hot rollover or warm rollover
  - Server clustering: a group of independent servers managed as a single system; same concept as redundant servers, but all servers are online and take part in processing service requests; sometimes called a server farm
  - Redundant communications lines
- Data protection methods: electronic vaulting, remote journaling, database shadowing

Remote Access Technologies

- Asynchronous dial-up access
- Integrated Services Digital Network (ISDN)
- xDSL (Digital Subscriber Line)
  - Asymmetric DSL (ADSL): downstream 1.5 to 9 Mbps, upstream 16 to 640 Kbps
  - Single-line DSL (SDSL): downstream 1.544 Mbps, upstream 1.544 Mbps
  - High-rate DSL (HDSL): downstream 1.544 Mbps, upstream 1.544 Mbps
  - Very-high data rate DSL (VDSL): downstream 13 to 52 Mbps, upstream 1.5 to 2.3 Mbps
- Cable modems: the least secure option, because the shared segment carries unfiltered traffic and the modem provides no firewall

OSI Model: Data Link and Physical Layers

- 2. Data Link layer: formats messages into data frames and adds a header with the hardware (MAC) destination and source addresses; sublayers: Logical Link Control (LLC) and Media Access Control (MAC); Token Ring and Ethernet operate at this layer; protocols: SLIP, PPP
- 1. Physical layer: sends and receives bits; signal regeneration and repeating; X.21; HSSI - High Speed Serial Interface

OSI Security Services and Mechanisms

- Security services: 1. Authentication 2. Access control 3. Data confidentiality 4. Data integrity 5. Non-repudiation 6. Logging and monitoring
- Security mechanisms: 1. Encipherment 2. Digital signature 3. Access control 4. Data integrity 5. Authentication 6. Traffic padding 7. Routing control 8. Notarization
- A security mechanism (SM) is a control implemented in order to provide a security service (SS)

Remote Access Security Methods

- Restricted address: filters out unauthorized users based on their source protocol address and enables incoming calls only from addresses on an approved list; authenticates the node, not the user
- Caller ID: checks the incoming phone number against an approved list; the most common method; very hard to beat; hard to administer for traveling users; not a user authentication
- Callback: the access server hangs up and calls back on the permitted phone number; authenticates the node, not the user; difficult to administer for traveling users

VPN Tunneling

- Common configurations: remote access VPN; network-to-network VPN; intranet access VPN
- Client and server must use the same protocol; based on a Layer 2 or Layer 3 protocol; tunneling by itself is not a substitute for encryption/decryption
- Point-to-Point Tunneling Protocol (PPTP): works at the Data Link layer; uses native PPP authentication and encryption services; uses TCP for tunnel maintenance and GRE to encapsulate frames for tunneled data; payloads of the encapsulated PPP frames can be encrypted; does not itself support TACACS+ and RADIUS. Caveat: PPTP with MS-CHAP v2 and MPPE is considered broken today; prefer L2TP over IPsec or a native IPsec/TLS VPN
- Layer 2 Tunneling Protocol (L2TP): a combination of L2F and PPTP; works at the Data Link layer; the accepted tunneling standard for VPNs; designed for single point-to-point client-to-server connections; supports TACACS+ and RADIUS; uses UDP and a series of L2TP messages for tunnel maintenance; uses UDP to send L2TP-encapsulated PPP frames as tunneled data; payloads of the encapsulated PPP frames can be encrypted and compressed
- Internet Protocol Security (IPsec): operates at the Network layer; encompasses network-to-network connectivity; contains functionality to encrypt and authenticate IP data; tunnel mode allows an IP packet to be encrypted and then encapsulated in a new IP header to be sent across the Internet; uses the Authentication Header (AH) to provide source authentication without encryption (the Encapsulating Security Payload, ESP, is the counterpart that adds confidentiality); only the sender and receiver know the key
- Serial Line Internet Protocol (SLIP)
- Point-to-Point Protocol (PPP): defines an encapsulation method to transmit multiprotocol packets over Layer 2 point-to-point links; full-duplex; can be used on various physical media: twisted pair, fiber optics, satellite; uses variations of High-level Data Link Control (HDLC) for packet encapsulation
  - PAP - Password Authentication Protocol: basic cleartext authentication scheme (the password crosses the link unprotected)

TCP/IP - Transmission Control Protocol/Internet Protocol

- Data encapsulation: the process in which information from one data packet is wrapped around, or attached to, the data of another packet; each layer prepends its own header to the payload handed down by the layer above

Layers (OSI layer on the left, TCP/IP layer on the right)

- 7. Application, 6. Presentation, 5. Session -> 4. Application layer
- 4. Transport -> 3. Host-to-host layer: primary protocols TCP and UDP; must use ports to communicate; the source port is usually assigned dynamically above 1023
- 3. Network -> 2. Internet layer: primary protocols IP, ARP, RARP, ICMP
- 2. Data Link, 1. Physical -> 1. Network Access layer
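To make the encapsulation and port bullets concrete, here is an added example, not part of the original outline, that builds a UDP segment, wraps it in an IPv4 header with a correct header checksum, and then parses the layers back off. Addresses, ports and the payload are constructed sample values, and the UDP checksum is left at zero (permitted for IPv4) to keep the focus on the layering. The last part of the example also shows the limit of that checksum: it catches accidental corruption, not deliberate tampering, since anyone who edits a field can recompute it; integrity against an attacker is what IPsec AH/ESP add at this layer.

```python
"""Encapsulate a payload in UDP, then IPv4, and peel it back off.

Added example, not from the page. Addresses, ports and the payload are
constructed sample values; the UDP checksum is left at zero (permitted for
IPv4) to keep the focus on the layering and the IP header checksum.
"""
import socket
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; zero-pad an odd trailing byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_datagram(src_ip, dst_ip, src_port, dst_port, payload: bytes, ident=0x1234, ttl=64) -> bytes:
    """Transport layer wraps the payload, then the Internet layer wraps the segment."""
    udp_header = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    segment = udp_header + payload
    header = struct.pack(IPV4_HEADER, (4 << 4) | 5, 0, 20 + len(segment), ident, 0, ttl,
                         socket.IPPROTO_UDP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # The checksum is computed over the header with its own field zeroed, then patched in at offset 10.
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment


def parse_datagram(packet: bytes) -> dict:
    """Strip the IP and UDP headers; raise ValueError if the IP header was corrupted."""
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HEADER, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # A header that verifies sums to 0xFFFF, so its complement is zero.
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    info = {
        "version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len, "id": ident,
        "frag_offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl, "proto": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }
    if proto == socket.IPPROTO_UDP:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
        info.update(src_port=sport, dst_port=dport, payload=packet[ihl + 8:ihl + ulen])
    return info


def demo() -> dict:
    """Round-trip a constructed DNS-style query and show that a flipped TTL is detected."""
    pkt = build_udp_datagram("10.0.0.5", "10.0.0.53", 49152, 53, b"example query")
    parsed = parse_datagram(pkt)
    tampered = bytearray(pkt)
    tampered[8] = 1                        # rewrite the TTL without fixing the checksum
    try:
        parse_datagram(bytes(tampered))
        detected = False
    except ValueError:
        detected = True
    return {"length": len(pkt), "parsed": parsed, "tamper_detected": detected}
```

The ephemeral source port 49152 is the dynamic-port convention the outline alludes to with "above 1023"; the destination port 53 selects the service (DNS) on the far host.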

LAN Technologies

- Ethernet: CSMA/CD - Carrier-Sense Multiple Access with Collision Detection
  - Bus topology on coaxial cable: 10Base2, 10Base5
  - Star topology on twisted pair: 10BaseT, 100BaseT, 1000BaseT
- ArcNet: token-based, star topology
- Token Ring
- FDDI - Fiber Distributed Data Interface
- CDDI - Copper Distributed Data Interface

Cabling Types

- Coaxial cable (COAX)
  - 50 ohm cable, used for digital (baseband) signaling
  - 75 ohm cable, used for analog and high-speed digital (broadband) signaling
- Twisted pair: STP - shielded, UTP - unshielded
  - CAT1 - under 1 MHz
  - CAT2 - 1 MHz
  - CAT3 - 16 MHz: 10BaseT, 4 Mbps Token Ring
  - CAT4 - 20 MHz: 16 Mbps Token Ring
  - CAT5 - 100 MHz: 100BaseT
- Fiber-optic cable
- Cable failures
  - Attenuation: loss of signal as data travels through the cable; the higher the frequency and the longer the cable, the greater the attenuation
  - Crosstalk: data signals on different wires mix; UTP is more susceptible
  - Noise: electromagnetic radiation from various environmental sources
- Transmission types: analog, digital
- Transmission methods: baseband, broadband

PPP Authentication Methods

- CHAP - Challenge Handshake Authentication Protocol: challenge/response mechanism that avoids transmitting the actual password over the connection; uses MD5 one-way hashing; protects against replay attacks (each challenge is fresh); protects against remote client impersonation
- MS-CHAP - Microsoft Challenge Handshake Authentication Protocol: similar to CHAP; uses MD4 one-way hashing; provides additional error codes beyond CHAP, including password expiry; client/server messages that permit users to change passwords; both client and NAS independently generate an initial key for subsequent data encryption by MPPE, so MPPE encryption must be enabled
- MS-CHAP v2: updated mechanism that provides stronger security than v1; derives two encryption keys, one for data sent and one for data received; provides mutual authentication
- EAP - Extensible Authentication Protocol: designed to allow dynamic addition of authentication plug-in modules at both the client and server ends of a connection
  - EAP-TLS - EAP Transport Layer Security: standard for strong, certificate-based (public-key) mutual authentication; requires MPPE to be enabled
- Caveat: CHAP's "encrypted" is really a hash, not encryption, and MS-CHAP v1 and v2 are both considered broken today (the v2 response can be recovered with a single-DES brute force); use them only inside an outer protected tunnel such as EAP-TLS or PEAP, or prefer certificate-based methods outright

AAA Protocols

- RADIUS: lightweight, UDP-based protocol for managing remote user authentication and authorization; fully open protocol; distributed client/server system; can be used with TACACS+ and Kerberos to provide CHAP remote node authentication
- TACACS: does not support all protocols; does not provide two-way authentication; does not provide password management
- TACACS+: Cisco proprietary authentication protocol that provides remote access authentication and related services, such as event logging; the use of two-factor password authentication; use of dynamic passwords; the ability for a user to change password; resynchronization of tokens; better audit trails and session accounting

WAN - Wide Area Network

- Dedicated lines
  - Leased line: a dedicated line reserved for private use; point-to-point link
  - Digital Signal Level 0 (DS-0), Digital Signal Level 1 (DS-1), Digital Signal Level 3 (DS-3)
  - T-carriers: T1 - 1.544 Mbps; T3 - 44.736 Mbps; E1 - 2.048 Mbps and E3 - 34.368 Mbps, used in Europe
  - SONET - Synchronous Optical Network
- Switching
  - Circuit-switched networks: a dedicated physical circuit path must exist between sender and receiver; technologies: ISDN
  - Packet-switched networks: nodes share bandwidth with each other by sending small data units called packets; data is broken up into packets and sent to the next destination based on the router's understanding of the best available route; technologies: X.25 (LAPB), Frame Relay, Switched Multi-megabit Data Service (SMDS), Asynchronous Transfer Mode (ATM), Voice over IP
- Protocols: Synchronous Data Link Control (SDLC); High-level Data Link Control (HDLC); High-Speed Serial Interface (HSSI)
- Devices: routers, multiplexers, WAN switches, access servers, modems, Channel Service Unit (CSU)/Data Service Unit (DSU)

Common Data Network Types

- Internet: the global network of public networks and ISPs throughout the world
- Intranet: a private network that uses Internet protocols over the company's internal physical network infrastructure; provides more security than public posting on the Internet
- Extranet

Common Data Network Services

- File services, mail services, print services, client/server services, Domain Name Services
- File transfer services: FTP; SFTP - secure file transfer protocol; TFTP - trivial file transfer protocol; SSH/SSH-2
- NAT - Network Address Translation: static mapping, dynamic mapping, port address translation (PAT)
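The CHAP bullets above describe the exchange in words; here is an added example, not part of the original outline, that runs it from both sides per RFC 1994: the authenticator issues an Identifier and a random Challenge, the peer answers with MD5(Identifier || secret || Challenge), and the authenticator recomputes and compares. It also exercises the two properties the outline claims, replay resistance and resistance to client impersonation, and makes visible the design cost the outline does not mention: the authenticator must store the cleartext secret. The user name, the shared secret and the fixed challenge used in demo() are constructed values.

```python
"""CHAP (RFC 1994) challenge/response between a peer and an authenticator.

Added example, not from the page. The user name, the shared secret and the
fixed challenge used in demo() are constructed values; a real NAS draws the
challenge from a CSPRNG (os.urandom here) and never reuses it.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """NAS side. Design cost: it must keep the cleartext secret to recompute the hash."""

    def __init__(self, secrets: Dict[str, bytes]) -> None:
        self._secrets = secrets
        self._ident = 0
        self._outstanding: Dict[int, bytes] = {}   # ident -> challenge awaiting a response

    def challenge(self, value: Optional[bytes] = None) -> Tuple[int, bytes]:
        """Issue a fresh (Identifier, Challenge) pair; the identifier increments per challenge."""
        self._ident = (self._ident + 1) & 0xFF
        chal = value if value is not None else os.urandom(16)
        self._outstanding[self._ident] = chal
        return self._ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Accept once per challenge: a captured response replayed later finds no outstanding challenge."""
        chal = self._outstanding.pop(ident, None)
        secret = self._secrets.get(name)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


class Peer:
    """Client side: proves knowledge of the secret without ever sending it."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name, self._secret = name, secret

    def respond(self, ident: int, challenge: bytes) -> Tuple[int, str, bytes]:
        return ident, self.name, chap_response(ident, self._secret, challenge)


def demo() -> Dict[str, bool]:
    """Run the exchange plus the two failure cases the outline's bullets describe."""
    nas = Authenticator({"alice": b"correct horse battery staple"})
    alice = Peer("alice", b"correct horse battery staple")
    mallory = Peer("alice", b"guess")              # impersonation attempt with a wrong secret

    ident, chal = nas.challenge(b"\x00" * 16)     # fixed challenge so the run is reproducible
    good = alice.respond(ident, chal)
    accepted = nas.verify(*good)
    replayed = nas.verify(*good)                  # same (ident, response) again: rejected

    ident2, chal2 = nas.challenge()
    impostor = nas.verify(*mallory.respond(ident2, chal2))
    return {"accepted": accepted, "replay_rejected": not replayed, "impostor_rejected": not impostor}
```

The replay protection comes entirely from the challenge being single-use and unpredictable; an authenticator that reused challenges, or derived them from something an eavesdropper can observe, would accept a recorded response. MS-CHAP keeps this shape but swaps the hash and derives MPPE keys from the exchange, which is where its weaknesses live.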

Networking Devices

- Hubs and repeaters: operate at the Physical layer (signal regeneration and repeating)
- Bridges: operate at the Data Link layer
  - Transparent bridging: allows a bridge (or switch) to learn everything it needs to know about the location of nodes on the network; steps: 1. Learning 2. Flooding 3. Filtering 4. Forwarding 5. Aging
  - STP - Spanning Tree Protocol: uses the spanning tree algorithm (SPA) to prevent broadcast storms and looping; works with bridges as well as switches
- Switches: operate at the Data Link layer; however, intelligent (Layer 3) switches can operate at the Network layer by combining switching and routing techniques; VLANs
- Routers: operate at the Network layer
  - Routing methodologies: static routing; distance vector routing (RIP - Routing Information Protocol); link state routing (LSP - link state protocols, such as OSPF)
- Gateways
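The five transparent-bridging steps are easier to see in a small simulation than in a list, so here is an added example, not part of the original outline: a learning bridge that records the ingress port of every source address, floods unknown and broadcast destinations, filters frames whose destination is on the ingress segment, forwards known ones, and ages out silent stations. The MAC addresses, port numbers and frame sequence in demo() are constructed; the 300-second aging timer is an assumed value.

```python
"""Transparent bridging on a learning switch: learn, flood, filter, forward, age.

Added example, not from the page. The MAC addresses, port numbers and frame
sequence in demo() are constructed; a real switch also caps the table size,
which is what MAC-flooding attacks target.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str


class Bridge:
    def __init__(self, ports: int, age_limit: int = 300) -> None:
        self.ports = list(range(ports))
        self.age_limit = age_limit                     # seconds an entry survives without a refresh
        self.table: Dict[str, Tuple[int, int]] = {}    # MAC -> (port, last seen)

    def age(self, now: int) -> None:
        # 5. Aging: forget stations that have been silent longer than age_limit.
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.age_limit]:
            del self.table[mac]

    def receive(self, frame: Frame, in_port: int, now: int) -> List[int]:
        """Handle one frame arriving on in_port at time now; return the egress ports."""
        self.age(now)
        # 1. Learning: the source address is reachable through the ingress port.
        self.table[frame.src] = (in_port, now)
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None:
            # 2. Flooding: unknown unicast or broadcast goes out every port but the ingress.
            return [p for p in self.ports if p != in_port]
        port, _ = entry
        if port == in_port:
            # 3. Filtering: destination shares the ingress segment; do not forward.
            return []
        # 4. Forwarding: known destination behind another port.
        return [port]


def demo() -> List[List[int]]:
    """Drive a 4-port bridge through all five steps; returns the egress list per frame."""
    b = Bridge(ports=4, age_limit=300)
    a, bb, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    return [
        b.receive(Frame(a, bb), in_port=0, now=0),         # B unknown: flood to 1, 2, 3
        b.receive(Frame(bb, a), in_port=1, now=1),         # A learned on port 0: forward to 0
        b.receive(Frame(c, a), in_port=0, now=2),          # A is on the ingress port: filter
        b.receive(Frame(a, BROADCAST), in_port=0, now=3),  # broadcast: flood to 1, 2, 3
        b.receive(Frame(c, bb), in_port=0, now=400),       # B aged out at t=400: flood again
    ]
```

The security point hides in step 2: whenever the destination is unknown, the frame is flooded to every port, so an attacker who can evict the legitimate entries (by exhausting a size-limited table with forged source addresses) turns the switch back into a hub for that traffic. Real switches cap the table and pair it with port security, which this simulation does not model.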

LAN Transmission Protocols

- CSMA - Carrier-Sense Multiple Access: CSMA/CD (collision detection, wired Ethernet) and CSMA/CA (collision avoidance, wireless)
- Polling
- Token passing
- Broadcast

Other Devices

- LAN extenders: remote-access devices that connect to a host router and filter traffic only by MAC address or network-layer protocol type; they are not a firewall

Firewalls

- Types: packet-filtering firewalls; proxy firewalls; circuit-level firewalls (SOCKS; operates at the Transport layer); stateful inspection firewalls
- Generations: Generation 1 - packet filtering; Generation 2 - proxy (application-level); Generation 3 - stateful inspection; Generation 4 - dynamic packet filtering; Generation 5 - kernel proxies
- Architectures: packet-filtering router; screened host; dual-homed host; screened subnet; bastion host
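The difference between the first and third firewall generations is the one practitioners most often have to explain, so here is an added example, not part of the original outline, that puts a stateless packet filter beside a stateful inspection filter and runs the same four-packet trace through both. The policy ("inside hosts may browse the web, nothing else"), the addresses and the trace are constructed.

```python
"""A generation-1 packet filter beside a generation-3 stateful inspection filter.

Added example, not from the page. The policy ("inside hosts may browse the
web, nothing else"), the addresses and the packet trace are constructed.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

INSIDE_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt: Packet) -> bool:
    """Generation 1: every packet is judged alone on its header fields."""
    # Rule 1: inside -> any host, destination port 80.
    if is_inside(pkt.src) and pkt.dport == 80:
        return True
    # Rule 2: replies back in. With no memory of the outbound request, the only
    # way to express "reply" is "source port 80", and anyone can set that.
    if pkt.sport == 80 and is_inside(pkt.dst):
        return True
    return False


class StatefulFilter:
    """Generation 3: inbound traffic is admitted only if it matches a connection the inside opened."""

    def __init__(self) -> None:
        self.table: Set[Tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # New connection: only an inside-originated SYN to port 80 creates state.
        if is_inside(pkt.src) and pkt.dport == 80 and pkt.syn and not pkt.ack:
            self.table.add(key)
            return True
        # Continuation of a tracked connection, in either direction.
        return key in self.table or reverse in self.table


TRACE = [
    Packet("10.0.0.5", 40000, "93.184.216.34", 80, syn=True),           # client opens a web connection
    Packet("93.184.216.34", 80, "10.0.0.5", 40000, syn=True, ack=True),  # legitimate reply
    Packet("203.0.113.9", 80, "10.0.0.5", 445, syn=True),                # attacker: source port 80 to SMB
    Packet("10.0.0.5", 40001, "203.0.113.9", 22, syn=True),              # inside host tries SSH out
]


def run_trace(trace: List[Packet] = TRACE) -> List[Tuple[bool, bool]]:
    """Return (stateless verdict, stateful verdict) per packet; True means permitted."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in trace]
```

The third packet is the whole argument: the stateless filter admits an unsolicited SYN to port 445 because its source port happens to be 80, while the stateful filter rejects it because no inside host ever opened that connection. The price is the state table itself, which needs timeouts and a size limit in a real product or it becomes a resource-exhaustion target.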
