Topics include:

Introduction to Security Fundamentals
- Real threats that impact security
- Hacking, cracking, and the motivation behind attacks

Understanding the Risks Overview - Common Attacks and Terminology:
- Insecure accounts, file-system, programs, trojans
- Hostile applications, scripts, email, web pages
- Program and network vulnerabilities; communication scams
- Sniffing, spoofing, hijacking, masquerading, phishing
- Backdoors, rootkits, denial-of-service, spam, viruses, worms

Security Layers, Terminology and Methods of Implementation

Understanding the Possible Defenses Overview:
- NAT, TCP wrappering, firewalls, filters, and proxies
- Virtual Private Networks (VPN)
- VNC/RDP secure remote administration
- Virus/spyware/spam protection software, disaster recovery planning
- Password and access security, biometrics, (LDAP) single sign-on
- Restricting workstation access to the network with MAC/IP filtering (DHCP/routers)
- CERT and software updates
- Putting a security policy in place; restricting physical and network access

Security Awareness on Local Client Machine
- Invasion of Privacy
  - Browser spyware invasion
  - Email invasion
  - Newsgroup invasion
  - Account registration/website invasion

Implement basic physical, operating system, and file-system security:
- Limit physical access to host, removable media; BIOS/loader restrictions
- Resolve insecure accounts and passwords (MD5)
- Resolve insecure file-system and Trojan horses
- Set policies to inhibit viruses/worms/email/web problems
- Resolve insecure programs
- Inhibiting capability privilege escalation (through removing suids, PAM config)
- Apply latest security patches
- Limit registry access on Windows platforms

Using audit trails to track and repel intruders:
- System logging, log files, log rotation
- Facilities like Registry Viewer, LogWatch, SysLogD remote logging

Minimizing Vulnerable Network Connections

Understanding network and TCP/IP security basics:
- TCP/IP model
- Original Internet design, email and web systems, all based on trust
- Impersonating a user

Unauthorized reading of files or implanting fields:
- Bugs in security model with shell escapes
- Buffer overflows and privilege escalation
- Trivial File Transfer Protocol (TFTP)
- Anonymous FTP
- Samba and Network Neighborhood
- Unsecured NFS, Sendmail, IIS and Apache/Tomcat
- Access to default hidden Windows shares, Unix NFS mounts

Implanting commands:
- IIS, insecure CGI/PHP/ASP/JSP, known problems with NIS, Sendmail, RPC, DNS/BIND, FTP, SSH, SAMBA
- Buffer overflow exploits to execute arbitrary privileged commands
- Planted listeners and keystroke scanners
- Unintentional web browser downloads that activate new services
- Remote administration services of Windows platforms
- R-commands for trusted hosts

Holding your defensive line and countering the eavesdropper:
- Limit access to control files, directories and registry
- Inoculating your systems against viruses and spyware with virus protection and spyware protection software
- Unintentional web browser downloads that install third-party toolbar observers such as “DoubleClick”
- Disabling or limiting most network services, including the use of host firewalls
- Placing insecure network services inside a “sandbox”
- Restricting which hosts can access machines on your network
- Implementing packet filters
- Authenticating users and hosts with public key encryption
- Protecting your transmissions with encryption
- Using Secure Sockets Layer to maintain communications and web confidentiality

Second Level Network Attacks: Forgeries and Denial Attacks

The forger’s arsenal:
- Hacking e-mail messages
- Specially crafted packets
- IP spoofing, session hijacking, masquerading
- Scrambling the routing tables
- X-window security holes
- Censoring system logs

Denial-of-service attacks:
- Viruses/worms; delivering viruses via the Web
- SYN/data flooding; spam email

Thwarting attacks to avoid disruption of service:
- Inoculating your systems against viruses with virus protection software
- Disaster recovery planning
- Protecting logs with immutable files
- Adopting advanced routing protocols
- Smart message user agent
- Imposing quotas on processes, files and accounts
- If on virtualized hardware, imposing additional quotas on memory, CPU cycles and other resources
- Using a packet filter to shield against bombardment
- Hiding behind router and local host firewalls
- CERT - An overview of the work of Computer Emergency Response Teams and how they can help sites

Understanding and Using Firewall and Advanced Techniques
- Using firewalls (in conjunction with packet filters & application-level proxies)
- Types of firewalls and how firewalls work
- Application proxy servers and gateways
- Using VPNs and RSA SecurID
- Network configurations: “demilitarized zone”, externally accessible servers (web), wireless network concerns
- Optional discussion of an IPTABLES/IPCHAINS ruleset
- Understanding mail service and anti-spam configurations (Procmail, SpamAssassin)
- Interpreting LogWatch log files
- Optional discussion of a recent Linux break-in
- Time permitting, discuss types of intrusion detection and file integrity tools (Snort, Tripwire)

Subset of possible demonstrations:
- List enabled services on Linux and Windows (chkconfig, rpcinfo, netstat, net start)
- TCP wrappering demonstration
- Network Address Translation (NAT & IP-Masquerading)
- Optional lab of configuring Linux as a firewall and router (IPTABLES, IPCHAINS)
- Configure logging, as well as a central syslog host; real-time logging
- 3rd-party security assessment tools (COPS/Snort/Tripwire/Nmap/Logwatch)
- Virtual Private Networks (VPN) & secure tunnel connection setup
- MS Windows Baseline Analysis Tool
- Securing IIS
- Securing SSH & SFTP
- Using SSH to tunnel other protocols
- Configuring Sendmail, enabling the use of Procmail and SpamAssassin
- Security hardening on Linux/UNIX systems