Flash Cards
Flash cards, also referred to as memory sticks, are small memory cards that can be used to store information. A system that has a flash card interface usually treats flash cards as if they were a hard drive. Flash cards can carry viruses, or they can be used to steal small amounts of information from systems that support them.
Flash cards are coming down in price and are becoming standard on many computer systems. Most PDA devices have the ability to accept flash cards, making them susceptible to viruses that are targeted at PDAs. So far, this has not been a big threat, but you can bet it will become one as these devices become more popular.
Smart Cards
Smart cards are usually used for access control and security purposes. The card itself usually contains a small amount of memory that can be used to store permissions and access information. Smart cards are difficult to counterfeit, but they are easy to steal. Once a thief has a smart card, they have all the access that the card allows. To prevent this, many organizations do not put any identifying marks on their smart cards, making it harder for someone to utilize them.
Many European countries are beginning to use smart cards instead of magnetic strip credit cards because they offer additional security and can contain larger amounts of information. The use of smart cards is also growing because they offer more security than traditional magnetic strip cards.
Summary
In this chapter, we covered the key elements of the infrastructure and the various components involved in networking. Your infrastructure is the backbone and key to the entire security capabilities of your network. Infrastructure includes the hardware and software necessary to run your network. The key elements used in security are routers and firewalls. Proper configuration is the key to providing services the way your network needs them. If your network security devices are improperly configured, you may be worse off than if you did not have them at all. It is a dangerous situation when you think you are secure, when in actuality you are not.
Networks are becoming more complicated, and they are being linked to other networks at an accelerating speed. Several tools are available to help you both link and secure your networks. These tools include:
VPNs
Tunneling protocols
Remote access
The connections you make using TCP/IP are based primarily on IP addresses. When coupled with a port, these addresses form a socket. Sockets are the primary method used to communicate with services and applications such as WWW and Telnet. Most services have standard sockets that operate by default. Sockets are changeable for special configurations and additional security. Changing default ports requires that users know which ports provide which services.
Network monitors are primarily troubleshooting tools, and they can be used to eavesdrop on networks. Intrusion Detection Systems take an active role and can control traffic and systems. IDS uses extensive rules-based procedures to check audit files and network traffic. They can make decisions based upon those rules. In conjunction with a firewall, IDS can offer very high levels of security.
The communication media used determines the security of the communications from a physical perspective. Several different types of media are available for networks, including:
Coax
UTP/STP
Fiber
Infrared
RF
Microwave
Each of these media provides a unique challenge that requires attention to ensure that security requirements are met.
Removable media can be a carrier or storage vessel for viruses. Make sure they are scanned with antivirus software to verify that they remain clean. Removable media are also easily transportable, and they can disappear rather easily. Physical security measures are important to prevent this from
Exam Essentials
Be able to describe the various components and the purpose of an infrastructure. Your network’s infrastructure is the backbone of your systems and network operations. The infrastructure includes all of the hardware, software, physical security, and operational security methods in place.
Be able to describe the various network components in an infrastructure and how they function. The key components of your infrastructure include devices such as routers, firewalls, switches, modems, telecommunications systems, and the other devices used in the network.
Know the characteristics of the connectivity technologies available to you and the security capabilities associated with each. Remote Access, SLIP, PPP, tunneling protocols, and VPNs are your primary tools. PPTP and L2TP are two of the most common protocols used for tunneling. IPSec, while not a tunneling protocol, provides encryption to tunneling protocols. IPSec is often used to enhance tunnel security.
Familiarize yourself with the technologies used by TCP/IP and the Internet. IP addresses and port numbers are combined to create an interface called a socket. Most TCP and UDP protocols communicate using this socket as the primary interface mechanism. Clients and servers communicate using ports. Ports can be changed to enhance security. WWW services use HTML and other technologies to allow rich and animated websites. These technologies potentially create security problems, as they may have their own individual vulnerabilities. Verify what problems exist from a security perspective before enabling these technologies on your systems.
Be able to describe the two primary methods used for network monitoring. The primary methods used for network monitoring are sniffers and IDS. Sniffers are passive and can provide real-time displays of actual network traffic. They are intended to be used primarily for troubleshooting purposes, but they are one of the tools used by attackers to determine what protocols and systems you are running. IDS are active devices that operate to alert administrators of attacks and unusual events. This is accomplished by automatically reviewing log files and system traffic, and by applying rules on how to react to events. IDS, when used in conjunction with firewalls, can provide excellent security for a network.
Understand the various types and capabilities of the network media used in a network. Network media is wire-, fiber-, or wireless-based. Each of these media presents challenges to security that must be evaluated. Never assume that a wireless connection is secure.
Be able to describe the vulnerabilities of removable media and what steps must be taken to minimize these risks. Removable media are used for backup, archives, and working storage. The capacity and capabilities of these types of devices have increased dramatically over the last few years. Most of this media is very small and easily hidden. Physical security measures are necessary to keep them from walking off. In addition, media can be copied to other systems, presenting confidentiality issues. Make sure you know how to safeguard this technology.
Key Terms
Before you take the exam, be certain you are familiar with the following terms:
(HTML)
Wireless Ethernet)
Common Gateway Interface (CGI)
infrastructure security
Internet Control Message Protocol (ICMP)
Private Branch Exchange (PBX)
Internet Group Message Protocol (IGMP)
protocols
Internet Mail Access Protocol (IMAP)
proxy firewall
User Service (RADIUS)
Layer 2 Tunneling Protocol (L2TP)
sandbox
Network Operations Center (NOC)
Simple Mail Transport Protocol (SMTP)
Protocol (SNMP)
Point-to-Point Tunneling Protocol (PPTP)
Spam
Plain Old Telephone Service (POTS)
tape
Terminal Access Controller Access Control System (TACACS)
Virtual Private Network (VPN)
Unshielded Twisted Pair (UTP)
Review Questions
1. Which of the following devices is the most capable of providing infrastructure security?
A. Hub
B. Switch
C. Router
D. Modem
2. A packet filter performs which function?
A. Prevents unauthorized packets from entering the network
B. Allows all packets to leave the network
C. Allows all packets to enter a network
D. Eliminates collisions in the network
3. Which device stores information about destinations in a network?
A. Hub
B. Modem
C. Firewall
D. Router
4. Which device acts primarily as a tool to improve network efficiency?
A. Hub
B. Switch
C. Router
D. PBX
5. Which device is often used to integrate voice and data services onto a single WAN?
A. Router
B. PBX
C. Hub
D. Server
6. Which protocol is widely used today as a transport protocol for Internet dial-up connections?
A. SLIP
B. PPP
C. PPTP
D. L2TP
7. Which protocol is unsuitable for WAN VPN connections?
A. PPP
B. PPTP
C. L2TP
D. IPSec
8. Which protocol is not a tunneling protocol but is used by tunneling protocols for network security?
A. IPSec
B. PPTP
C. L2TP
D. L2F
9. A socket is a combination of which components?
A. TCP and port number
B. UDP and port number
C. IP and session number
D. IP and port number
10. Which protocol is becoming the newest standard for Internet mail applications?
A. SMTP
B. POP
C. IMAP
D. IGMP
11. Which protocol is primarily used for network maintenance and destination information?
A. ICMP
B. SMTP
C. IGMP
D. Router
12. Which protocol is used for group messages or multicast messaging?
A. SMTP
B. SNMP
C. IGMP
D. L2TP
13. Which device monitors network traffic in a passive manner?
A. Sniffer
B. IDS
C. Firewall
14. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?
A. IDS
B. Sniffer
C. Router
D. Switch
15. Which media is broken down into seven categories depending on capability?
A. Coax
B. UTP
C. Infrared
D. Fiber optic cable
16. Which media is the least susceptible to interception or tapping?
A. Coax
B. UTP
C. STP
D. Fiber
17. Which media offers line-of-sight broadband and baseband capabilities?
A. Coax
B. Infrared
C. Microwave
D. UTP
18. Which media is used primarily for backup and archiving purposes?
A. Tape
B. CD-R
C. Memory stick
19. Which media is susceptible to viruses?
A. Tape
B. Memory stick
C. CD-R
D. All of the above
20. Which device is used for access control as well as storage of information?
A. CD-R
B. Smart card
C. Flash card
D. Tape
Answers to Review Questions
1. C. Routers can be configured in many instances to act as packet-filtering firewalls. When configured properly, they can prevent unauthorized ports from being opened.
2. A. Packet filters prevent unauthorized packets from entering or leaving a network. Packet filters are a type of firewall that block specified port traffic.
3. D. Routers store information about network destinations in routing tables. These tables contain information about known hosts on both sides of the router.
4. B. Switches create virtual circuits between systems in a network. These virtual circuits are somewhat private and reduce network traffic when used.
5. B. Many modern PBX or Private Branch Exchange systems integrate voice and data onto a single data connection to your phone service provider. In some cases, this allows an overall reduction in costs of operations. These connections are made using existing network connections such as a T1 or T3 network.
6. B. SLIP connections have largely been replaced by PPP connections in dial-up Internet connections. SLIP passes only TCP/IP traffic, and PPP can pass multiple protocols.
7. A. PPP provides no security and all activities are unsecure. PPP is primarily intended for dial-up connections and should never be used for VPN connections.
8. A. IPSec provides network security for tunneling protocols. IPSec can be used with many different protocols besides TCP/IP, and it has two modes of security.
9. D. A socket is a combination of IP address and port number. The socket identifies which application will respond to the network request.
10. C. IMAP is becoming the most popular standard for e-mail clients and is replacing POP protocols for mail systems. IMAP allows mail to be forwarded and stored in information areas called stores.