Chapter 1: Fundamentals of Security

Exam Objectives
✓ Types of attacks
✓ Authentication and authorization
✓ Data protection
✓ Physical security

One of the most important skills to have if you are going to support networked systems or systems connected to the Internet is the capability of securing systems and networks. And even if you are not working in a networked environment, you can apply these same skills to customers' home machines that connect to the Internet.
1040 Identifying Types of Attacks

data into the site to manipulate your database server into executing the code that the hacker wants to execute — and this happens because the hacker understands the technologies being used. This technique is known as SQL injection. The two types of hackers are
✦ White-hat hackers, who try to “hack” or break software or hardware so as to understand how to protect the environment from black-hat hackers. These are the good guys.
There are a number of popular social engineering attack scenarios, and network administrators are just as likely to be social engineering victims as “regular” employees, so they need to be aware. Here are some popular social engineering scenarios:
✦ Hacker impersonates IT administrator. The hacker calls or e-mails an employee and pretends to be the network administrator. The hacker tricks the employee into divulging a password or even resetting the password.
✦ One text file contains the most popular user accounts found on networks, such as administrator, admin, and root.
✦ The second text file contains a list of all the words in the English dictionary, and then some. You can also get dictionary files for different languages.
The program then tries every user account in the user account file with every word in the dictionary file, attempting to determine the password for the user account. Account lockout thresholds blunt the online form of this attack; against stolen password hashes, the defense is a salted, deliberately slow hash, so that no guess can be reused across accounts and every guess costs real time.
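The following added example (not from the book) runs exactly that loop in Python against a constructed user-account list and word list. It also shows why the defender's choice of password storage matters: against an unsalted store one hash per word serves every account, while a salted, slow hash forces a fresh computation for every user/word pair. The account names, words, passwords and the "stolen" stores are all constructed sample data, and the PBKDF2 round count is lowered so the demo runs in seconds.

```python
import hashlib
import os

# Constructed inputs that stand in for the two text files described above
# (sample data, not from the book).
USER_LIST = ["administrator", "admin", "root", "guest"]
WORD_LIST = ["password", "letmein", "welcome", "dragon", "qwerty", "summer", "football"]

# Lowered so the demo runs in seconds; real deployments use hundreds of
# thousands of PBKDF2 rounds, or a memory-hard function such as scrypt or Argon2.
PBKDF2_ROUNDS = 20_000


def weak_hash(password: str) -> str:
    """Unsalted, single-round SHA-256: the kind of storage a dictionary attack enjoys."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """Per-user salt plus a deliberately slow key-derivation function."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed "stolen" credential stores. 'root' uses a passphrase that is not in the word list.
REAL_PASSWORDS = {
    "administrator": "welcome",
    "admin": "password",
    "root": "correct horse battery staple",
    "guest": "dragon",
}
UNSALTED_STORE = {u: weak_hash(p) for u, p in REAL_PASSWORDS.items()}
SALTED_STORE = {}
for _user, _pw in REAL_PASSWORDS.items():
    _salt = os.urandom(16)
    SALTED_STORE[_user] = (_salt, slow_hash(_pw, _salt))


def attack_unsalted(store: dict, users: list, words: list):
    """Every user account tried against every dictionary word, as described above.

    Because nothing is salted, one hash per word is enough: the digest is
    compared with every account's stored value (the idea behind rainbow tables).
    Returns (cracked, hash_computations).
    """
    cracked, computations = {}, 0
    for word in words:
        computations += 1
        digest = weak_hash(word)
        for user in users:
            if store.get(user) == digest:
                cracked[user] = word
    return cracked, computations


def attack_salted(store: dict, users: list, words: list):
    """The same attack against a salted, slow-hash store.

    Nothing can be reused between accounts: every (user, word) pair costs a
    fresh PBKDF2 computation, and each one is thousands of times slower.
    """
    cracked, computations = {}, 0
    for user in users:
        entry = store.get(user)
        if entry is None:
            continue  # account does not exist on this system
        salt, target = entry
        for word in words:
            computations += 1
            if slow_hash(word, salt) == target:
                cracked[user] = word
                break
    return cracked, computations


if __name__ == "__main__":
    print("unsalted:", attack_unsalted(UNSALTED_STORE, USER_LIST, WORD_LIST))
    print("salted:  ", attack_salted(SALTED_STORE, USER_LIST, WORD_LIST))
```

Both runs recover the three passwords that appear in the word list and fail on the passphrase that does not, but the unsalted store falls to seven cheap hashes while the salted store costs one slow computation per guess per account. Scale the word list to millions of entries and the iteration count to production values and the second number is what makes offline cracking expensive.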
Denial of service
Another popular network attack is a denial of service (DoS) attack, which can come in many forms and is designed to make a system so busy that it cannot service a real request from a client, essentially overloading the system and shutting it down. For example, say you have an e-mail server, and a hacker attacks the e-mail server by flooding it with e-mail messages, causing it to be so busy that it cannot send any more e-mails.
2. All systems that were pinged reply to the modified source address — an unsuspecting victim.
3. The victim’s system (most likely a server) receives so many replies to the ping request that it is overwhelmed with traffic, causing it to be unable to answer any other request from the network.
Encryption and authentication services on the network help against spoofing at the application level, because a forged sender cannot produce a valid signature or session key. They do nothing for the ping flood just described, though, since it is the network itself that is being abused: the practical defenses there are to disable directed broadcasts on your routers, so that a single ping cannot be amplified into replies from every host on a subnet, and to filter packets entering or leaving your network whose source addresses do not belong there.
Man-in-the-middle
To protect against man-in-the-middle attacks you should restrict access to the network and implement encryption and authentication services on the network. Note that encryption alone is not enough: if the client does not verify who it is talking to (for example, by validating the server's certificate), the hacker can simply sit between two encrypted connections and read everything. Authenticating the other end is what defeats the attack.
Session hijacking
A session hijack is similar to a man-in-the-middle attack, but instead of the hacker intercepting the data, altering it, and sending it to whomever it was destined for, the hacker simply hijacks the conversation — a session — and then impersonates one of the parties.
To protect against wireless attacks you should implement encryption protocols such as WPA2 and use an authentication server such as a RADIUS server for network access. For more information on wireless, check out Book VIII, Chapter 2.
Software-based attacks
Just as there are a number of different types of network attacks, there are a number of software attacks as well. As you can likely guess, a software attack comes through software that a user runs.
Understanding Physical Security 1047 Book IX Chapter 1 Fundamentals of Security
Figure 1-3: Using NetBus to control a user’s computer.
Worm
A worm is self-replicating malicious code that, unlike a typical virus, does not need to be activated by someone opening a file: it spreads itself from system to system over the network, usually by exploiting a vulnerable network service, infecting each computer it reaches. To protect against a worm, install a firewall and keep the services you expose patched. A firewall is a piece of software or hardware that filters the traffic entering your system according to a set of rules, which shrinks the set of services a worm can reach; it does not fix a vulnerability in a service you have to leave open, which is why patching matters as well.
room is that a hacker cannot boot off a bootable CD-ROM, which could bypass the OS entirely. By booting a different OS from removable media, a hacker bypasses the installed OS and most of the security it enforces, such as file permissions; only full-disk encryption keeps the data unreadable at that point. You can apply enterprise security best practices to your home systems. For example, to help secure your home system, you might want to prevent booting from a CD-ROM so that an unauthorized person cannot try to bypass your Windows security.
✦ Secure server placement. Lock your servers in a room for which only a select few individuals have the key.
✦ Disable boot devices. Disable the ability to boot from a floppy disk or CD-ROM in the CMOS setup on the systems.
✦ Set CMOS password. Because most hackers know how to go to CMOS and enable booting from CD-ROM, make sure that you set a password on CMOS so that a hacker cannot modify your CMOS settings. Keep in mind that anyone who can open the case can clear a CMOS password by resetting the CMOS (with a motherboard jumper or by removing the battery), so this setting complements locked rooms and locked cases rather than replacing them. Figure 1-4 shows a CMOS password being enabled.
Figure 1-5: A lockdown cable is used to secure computer equipment to a desk.
Remembering ways to physically secure your systems will help you with the security portion of the A+ exam. Be sure to place critical systems in locked rooms and lock down equipment that is accessible by the public.
Understanding Authentication and Authorization
After you physically secure your environment, focus on the people who access your systems and network.
Figure 1-6: A fingerprint reader is an example of biometrics used for authentication.
The name of the account database that stores the usernames and passwords is different, depending on the environment. In a Microsoft network, the account database is the Active Directory database and resides on a server known as a domain controller (shown in Figure 1-7).
the access token, or one of the groups contained in the access token, is also contained in the permission list, you are granted access to the resource. If not, you get an access-denied message.
Figure 1-7: Logging on to Active Directory in a Microsoft network environment. (The Windows client sends the logon request to the Windows server acting as domain controller, which verifies it against Active Directory and returns logon success or failure to the client.)
Strong passwords
It is really hard to talk about authentication without talking about ensuring that users create strong passwords. A strong password is a password that is very difficult for hackers to guess or crack because it contains a mix of uppercase and lowercase characters, contains a mix of numbers and letters, and is a minimum of eight characters long. Those are the rules the exam expects; current guidance (NIST SP 800-63B) puts more weight on length and on rejecting passwords that appear in breach lists than on character-class rules, because a long passphrase resists a dictionary attack better than a short password with a digit bolted on.
1054 Methods of Securing Transmissions
Figure 1-8: Using permissions to authorize which users are allowed to access the resource.
In Figure 1-8, you can see that the Administrators and Jill have access to the resource. No one else is authorized to access the resource. You find out how to set permissions in the next chapter, but for now, make sure you understand the difference between authentication and authorization.
Rights
In the Windows world, there is a difference between permissions and rights.
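To make the distinction concrete, here is an added example (not code from the book) that walks through both steps: authentication checks the password against a constructed account database standing in for Active Directory and, on success, issues an access token holding the user and its groups; authorization then compares that token against a resource's permission list, as in Figure 1-8, where only Administrators and Jill appear. The account names, passwords, groups and the resource are sample data, and the PBKDF2 round count is lowered so the demo runs quickly.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 20_000  # lowered for the demo; production uses far more


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    groups: list


@dataclass
class AccessToken:
    """What a successful logon produces: the user plus the groups it belongs to."""
    user: str
    groups: list


def make_directory() -> dict:
    """Constructed account database standing in for Active Directory (sample data, not from the book)."""
    seed = {
        "Jill": ("S3cret!Pass", ["Domain Users", "Accounting"]),
        "Bob": ("B0b-pass!", ["Domain Users"]),
        "Alice": ("Adm1n#2024", ["Domain Users", "Administrators"]),
    }
    directory = {}
    for name, (password, groups) in seed.items():
        salt = os.urandom(16)
        directory[name] = Account(salt, hash_password(password, salt), groups)
    return directory


def authenticate(directory: dict, username: str, password: str):
    """Authentication: prove who you are. Returns an AccessToken, or None on logon failure."""
    account = directory.get(username)
    if account is None:
        return None  # unknown account: same outcome as a bad password
    if not hmac.compare_digest(hash_password(password, account.salt), account.digest):
        return None
    return AccessToken(username, list(account.groups))


def authorize(token, permission_list: list) -> bool:
    """Authorization: is the token's user, or any group in the token, on the resource's permission list?"""
    if token is None:
        return False  # never authenticated, so nothing to compare
    identities = {token.user, *token.groups}
    return any(name in identities for name in permission_list)


# The situation in Figure 1-8: only Administrators and Jill are on the list.
# (The resource is a constructed example.)
SALARIES_ACL = ["Administrators", "Jill"]


def demo() -> dict:
    """Four logon attempts, each followed by an access check against the same resource."""
    directory = make_directory()
    attempts = [
        ("Jill", "S3cret!Pass"),
        ("Bob", "B0b-pass!"),
        ("Alice", "Adm1n#2024"),
        ("Jill", "wrong-password"),
    ]
    results = {}
    for user, password in attempts:
        token = authenticate(directory, user, password)
        results[(user, password)] = (
            "authenticated" if token else "logon failed",
            "access granted" if authorize(token, SALARIES_ACL) else "access denied",
        )
    return results


if __name__ == "__main__":
    for (user, _), outcome in demo().items():
        print(user, *outcome, sep=" | ")
```

Bob authenticates successfully but is denied, because proving who you are says nothing about what you may touch; Alice is granted access through the Administrators group even though her name is not on the list, which is the token-versus-permission-list check the text describes.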
Here is a real-world example. You type your credit card number on a Web site, but you certainly do not want that credit card number to be viewed while you send it from your client computer to the server. You want to be sure that the Web site where you enter the credit card number encrypts the traffic. You can tell by the lock icon that appears in the Web browser, as shown in Figure 1-9. The lock only tells you that the connection to whatever site the browser reached is encrypted and that the site's certificate was accepted; it does not tell you that the site is the one you meant to visit, so check the domain name in the address bar as well.
Figure 1-9: Identifying a secure site by locating the lock in Internet Explorer.
1056 Do Not Forget about Data Protection
encrypt and decrypt network traffic. Because of the configuration, it is an unlikely solution for a Web site but is a great way to encrypt traffic on your network.
✦ Virtual Private Network (VPN): A VPN allows a user to connect across the Internet to a remote network, typically her office network, and send information between her system and the office network securely.
Hard drive destruction
I have talked to some customers who used to destroy drives by driving spikes through them, but what they found was that the data around the hole that the spike put in the drive could still be read! These customers now disintegrate the drive in a huge shredder. Other customers sand the drives right down to nothing. Either way, if securing the data is a concern, make sure to physically destroy the disk that contains the data.
Backup review
You can find out more about backups in Book VII, Chapter 3, but for the exam, here are some of the key points you need to remember. The OS keeps track of which files have changed since the last backup with the archive bit: it sets the bit whenever a file is created or modified, and a backup that copies the file clears it. The archive bit is an attribute of the file that tells the system that the file has changed. To view the archive bit within Windows XP or Vista, right-click the file and choose Properties.
during an incremental backup, because the backup process clears the archive bit, the file will not be backed up during subsequent incremental backups unless the file changes again.
Tape rotation and offsite storage
Take the time to rotate tapes so that the same tape is not used all the time. You also want to make sure that you store a backup offsite in case of a disaster such as flood or fire.
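The archive-bit behaviour above decides what each backup type copies and how many sets a restore needs. The following added example (not from the book) simulates it on a constructed four-file volume, applying the same week of edits to one volume backed up incrementally and one backed up differentially. Differential backups, which copy everything changed since the last full backup and leave the archive bit set, go beyond the incremental case in the text and are included to show the contrast. File names and edit days are sample data.

```python
from dataclasses import dataclass


@dataclass
class File:
    name: str
    archive: bool = True  # a new or modified file has its archive bit set by the OS


class Volume:
    """Constructed stand-in for a file system that tracks the archive attribute (not from the book)."""

    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name: str) -> None:
        self.files[name].archive = True  # the OS sets the bit on every change

    def full_backup(self) -> list:
        """Copy every file and clear every archive bit."""
        copied = sorted(self.files)
        for f in self.files.values():
            f.archive = False
        return copied

    def incremental_backup(self) -> list:
        """Copy only files changed since the last backup of any kind, then clear
        their bits, so the next incremental skips them unless they change again."""
        copied = sorted(n for n, f in self.files.items() if f.archive)
        for n in copied:
            self.files[n].archive = False
        return copied

    def differential_backup(self) -> list:
        """Copy files changed since the last full backup and leave the bit set,
        so each differential grows until the next full backup resets it."""
        return sorted(n for n, f in self.files.items() if f.archive)


def run_week() -> dict:
    """Apply the same edits to two volumes: one on an incremental schedule, one on a differential schedule.

    Returns, per schedule, the list of (label, files copied) for each backup run.
    """
    edits = {"Tue": ["a"], "Wed": ["b"], "Thu": ["a"], "Fri": ["c"]}  # constructed edit log
    inc, dif = Volume("abcd"), Volume("abcd")
    sets = {
        "incremental": [("Mon full", inc.full_backup())],
        "differential": [("Mon full", dif.full_backup())],
    }
    for day, names in edits.items():
        for n in names:
            inc.modify(n)
            dif.modify(n)
        sets["incremental"].append((day, inc.incremental_backup()))
        sets["differential"].append((day, dif.differential_backup()))
    return sets


def restore_plan(sets: dict) -> dict:
    """Which backup sets must be restored, in order, to get Friday's state back."""
    return {
        # full backup plus every incremental since, in order
        "incremental": [label for label, _ in sets["incremental"]],
        # full backup plus the most recent differential only
        "differential": [sets["differential"][0][0], sets["differential"][-1][0]],
    }


if __name__ == "__main__":
    week = run_week()
    for schedule, runs in week.items():
        print(schedule)
        for label, copied in runs:
            print(f"  {label:9s} copied {copied}")
    print("restore:", restore_plan(week))
```

The incremental chain copies the least data each night but needs every set since the full backup to restore, and a single bad tape in the middle breaks the chain; the differential copies more each night (the Friday set already holds a, b and c) but restores from just two sets. Which trade-off is right depends on how fast you need to restore versus how much tape and backup-window time you have.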
by writing alternating blocks of the data to two different disks at the same time, so reading or writing a file takes less time. Note that the data is split between both drives, and there is no duplication, which means that this is not really a redundant solution: if either drive fails, every file on the volume is lost.
✦ RAID Level 1: Also known as a mirrored volume in Windows. A mirrored volume duplicates the data stored on one disk to another disk. If one disk fails, the other disk has a copy of the data.
Compliance and classification
Compliance
Data compliance is the concept of protecting the data from information leaks and ensuring recoverability of information by following government regulations and industry regulations. For example, if you are in the health industry, you must be compliant with the Health Insurance Portability and Accountability Act (HIPAA), which requires that health records and patient information be secured and kept private.
1062 Getting an A+
Data classification is assigned to the information based on the value of the information to the organization. Each classification level is designed to indicate whether the information is to be kept private or is available for public release.
1 What type of attack involves the hacker tricking a user through social contact?
A ❍ Password attack
B ❍ Eavesdrop attack
C ❍ Man-in-the-middle attack
D ❍ Social engineering attack

2 (question text not recovered from the page)
A ❍ Password attack
B ❍ Eavesdrop attack
C ❍ Man-in-the-middle attack
D ❍ (not recovered)

3 What type of attack involves the hacker causing your system or network to become unresponsive to valid requests?
A ❍ DoS attack
B ❍ Eavesdrop attack
C ❍ Man-in-the-middle attack
D ❍ Password attack

What type of RAID volume duplicates the data fully on two disks? (question number and answer choices not recovered from the page)
6 Which of the following are forms of biometrics? (Select all that apply.)
1 D. Social engineering is a type of hack that involves contacting victims through phone or e-mail and tricking them into doing something that compromises company security. See “Social engineering attacks.”
2 B. An eavesdropping attack occurs when a hacker monitors network traffic to try to capture information that could be useful in another attack. Review “Eavesdropping attack.”
3 A.
1066 Book IX: Securing Systems