Common network security issues.
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
• PC Hardware
• Network Administration
• IT Project Management
• Network Design
• User Training
• IT Troubleshooting
Education
• M.B.A., IT Management, Western Governor’s University
• B.S., IT Security, Western Governor’s University
Qualifications Summary
Entrepreneur, executive leader, and proven manager
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required, with a focus on technology.
– Security issues caused by
misconfigurations.
– Other network security issues.
It’s easy to assume that a
network is secured from
threats, while, in reality, it
may be very vulnerable.
A network may actually be vulnerable because of a misconfigured
security setting or because of a common practice within an
organization.
A network may not be as secure as you think due to the
ever-changing threat landscape. Nefarious hackers are continually
seeking new exploits that they can use to breach network security
(including possible misconfigurations in network security
settings).
– Misconfigured firewall and access control
list (ACL).
» A misconfigured firewall and ACL can result in three different
categories of security issues.
• Traffic that should be blocked isn’t, allowing threats in.
• Traffic that shouldn’t be blocked is; this can prevent receiving
vital updates.
• All traffic is blocked; this isn’t necessarily a security issue per
se but is still a misconfiguration.
» To protect against a misconfigured firewall or ACL, thoroughly
test them before putting them into action.
– Misconfigured application.
» A misconfigured application may become a security threat.
• A Web application that does not perform proper validation of
input may lead to a buffer overflow attack. This may lead to a
successful attack on the Web server on which it is hosted.
» Thoroughly testing applications before placing them into service
will mitigate the threat.
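One way to test a firewall rule set or ACL before putting it into action, sorting failures into the three categories listed above. This is an added example, not part of the original slides; the rule model (first match wins, implicit deny at the end), the names `Rule`, `Flow`, `evaluate` and `audit`, and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    ports: tuple = (0, 65535)    # inclusive destination port range


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    port: int
    expect: str                  # what the security policy says should happen
    why: str                     # human-readable description of the test case


def matches(rule, flow):
    return (rule.proto in ("any", flow.proto)
            and ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst)
            and rule.ports[0] <= flow.port <= rule.ports[1])


def evaluate(acl, flow):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    for index, rule in enumerate(acl):
        if matches(rule, flow):
            return rule.action, index
    return "deny", None


def audit(acl, flows):
    """Compare the ACL's decisions with policy and group the mismatches."""
    findings = {"should_be_blocked_but_allowed": [],
                "should_be_allowed_but_blocked": [],
                "all_traffic_blocked": False}
    permitted = 0
    for flow in flows:
        action, index = evaluate(acl, flow)
        permitted += action == "permit"
        if action == flow.expect:
            continue
        key = ("should_be_blocked_but_allowed" if action == "permit"
               else "should_be_allowed_but_blocked")
        findings[key].append((flow.why, index))   # index = rule that decided
    expects_some_traffic = any(f.expect == "permit" for f in flows)
    findings["all_traffic_blocked"] = expects_some_traffic and permitted == 0
    return findings


# Constructed policy test cases: what must pass and what must not.
FLOWS = [
    Flow("tcp", "198.51.100.7", "192.0.2.10", 443, "permit", "public HTTPS to web server"),
    Flow("tcp", "198.51.100.7", "192.0.2.10", 23, "deny", "Telnet from outside to web server"),
    Flow("tcp", "10.0.0.25", "203.0.113.10", 443, "permit", "patch download from update server"),
    Flow("tcp", "198.51.100.7", "10.0.0.25", 3389, "deny", "RDP from outside to workstation"),
]

# Constructed misconfiguration: rule 0 is too broad and shadows rule 1,
# and rule 2 blocks all outbound traffic, including updates.
BROKEN_ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24"),
    Rule("deny", "tcp", "0.0.0.0/0", "192.0.2.0/24", (23, 23)),
    Rule("deny", "any", "10.0.0.0/24", "0.0.0.0/0"),
]

# Corrected rule set: only the two required services, everything else implicit deny.
FIXED_ACL = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", (443, 443)),
    Rule("permit", "tcp", "10.0.0.0/24", "203.0.113.10/32", (443, 443)),
]

# A deny-any placed first makes every later permit unreachable.
LOCKED_ACL = [Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0")] + FIXED_ACL

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN_ACL), ("fixed", FIXED_ACL), ("locked", LOCKED_ACL)):
        print(name, audit(acl, FLOWS))
```

The rule index in each finding points at the rule that made the wrong decision, which is usually the one to reorder or narrow.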
– Unpatched operating system (OS) or
firmware.
» The manufacturers of OSs and hardware firmware will often
produce security patches (or fixes) for vulnerabilities as they
become known.
• An unpatched OS or firmware becomes very vulnerable in
short order and may become a threat to the network.
» Most software makers have an updating service; subscribing to
that service will help to mitigate the threat.
– Open TCP/IP ports.
» Open ports on networks are listening for requests for or by
services, applications, or protocols.
• All open ports are a security vulnerability and there are 65,535
possible ports that may be open.
» A best practice for network security is to specifically close all
unnecessary ports to harden a network.
– Misconfigured authentication services.
» The TACACS+ and RADIUS services are often used to
authenticate devices and users on networks.
• A misconfiguration of either may lead to a security issue that
allows malicious users to be authenticated to use network
resources.
» Thoroughly reviewing the configuration of authentication
services will help to mitigate the problem. In addition, all default
local accounts should be disabled (these may present a slight
opening for a malicious user to exploit authentication services).
– Active default usernames and passwords.
» Almost all devices and applications come with default
usernames and passwords to ease the setup process.
• If left active, these defaults create a security issue—as they
tend to be well known or are easy to find through simple
research.
» A best practice is to disable all default usernames and
passwords after setting up the device or application.
– Malicious users.
» Malicious users may be the single biggest security issue facing
any network and they will fall into one of two categories:
• An untrusted malicious user: an outside entity that has
exploited a security weakness to gain access to network
resources (e.g., a hacker who has breached a database’s
security features to gain access to valuable information).
• A trusted malicious user: a person or entity that has been
explicitly granted access to network resources that then
exploits this trusted position for malicious purposes.
» A best practice is to review log files on a regular basis to see
what resources are being accessed and by whom to help
maintain security.
– Packet sniffers.
» Packet sniffers examine network traffic at a very basic level and
can be used to help in the administration of a network.
• Packet sniffers may also be used by malicious users to see
what protocols and activities are allowed on the network. This
may help them in further attacking the network.
– Malware.
» It is usually defined as malicious software that has the intent of
causing harm. As a category, malware covers any code-based
threat to a network or system.
• Examples of malware include: viruses, Trojans, and spyware.
» To protect against malware, anti-malware applications should
be running on every device. To be proactive, end-user
education should also be in place to teach users to recognize
the dangers.
– ICMP (Internet Control Message Protocol)
related issues.
» ICMP can be a valuable tool for diagnosing issues on networks,
but it can also become a security vulnerability.
• ICMP can be exploited in a denial-of-service (DoS) type of
attack.
• ICMP can be used to redirect legitimate users to a new
malicious default gateway, possibly resulting in loss of data or
sensitive information.
» It is now a best practice to deny ICMP requests on a router’s
outward facing interface.
– DoS or distributed DoS (DDoS).
» In an attempt to bring down a network or website, malicious
users will often send thousands (or hundreds of thousands) of
requests for services.
• The attackers’ goal is to make that resource unreachable by
legitimate users.
» Many modern firewalls and other network appliances have
been configured to recognize the signature of such an attack
and can take steps to mitigate the results.
– Unintended backdoor access.
» When creating applications, developers often create backdoors
into the programs. Backdoors are a method of accessing an
application or service while bypassing the normal
authentication process. Unfortunately, these backdoors are
sometimes left open after the development process has been
completed. Once these become known, they can be exploited.
• In most cases, the application is listening on a specific port
(e.g., an open port) for a request for access.
» The best mitigation technique is to close all unnecessary ports
on a network.
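A sketch of how the advice to close unnecessary ports can be checked on a host, covering both the open TCP/IP ports item and the leftover backdoor listener described above. This is an added example, not part of the original slides; the sample text is constructed and modelled on the column layout of `ss -tlnp`, and the approved-port baseline and the process names (including `debugsvc`) are hypothetical.

```python
import ipaddress
import re
from typing import NamedTuple


class Listener(NamedTuple):
    address: str
    port: int
    process: str


# Constructed sample, laid out like `ss -tlnp` output on a Linux host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*     users:(("nginx",pid=1040,fd=6))
LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*     users:(("postgres",pid=977,fd=5))
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*     users:(("systemd-resolve",pid=640,fd=14))
LISTEN 0      64           0.0.0.0:23         0.0.0.0:*     users:(("telnetd",pid=1502,fd=3))
LISTEN 0      5                  *:9009             *:*     users:(("debugsvc",pid=2231,fd=4))
LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*     users:(("python3",pid=3310,fd=3))
"""

# Hypothetical baseline: ports this host is supposed to expose, and by which process.
APPROVED = {22: "sshd", 443: "nginx", 8080: "nginx", 25: "master"}

PROCESS_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(text):
    """Extract (address, port, process) from each LISTEN line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                                   # header or unrelated line
        address, _, port = fields[3].rpartition(":")   # split at the last colon
        address = address.strip("[]").split("%")[0]    # drop IPv6 brackets, scope
        found = PROCESS_RE.search(line)
        listeners.append(Listener(address, int(port),
                                  found.group(1) if found else "unknown"))
    return listeners


def is_loopback(address):
    if address == "*":                                 # wildcard bind, all interfaces
        return False
    return ipaddress.ip_address(address).is_loopback


def audit_listeners(listeners, approved):
    """Compare what is listening with what the baseline says should be."""
    unapproved, wrong_service, loopback_only, exposed = set(), set(), set(), set()
    for item in listeners:
        if is_loopback(item.address):
            loopback_only.add(item.port)               # not reachable from the network
            continue
        exposed.add(item.port)
        if item.port not in approved:
            unapproved.add((item.port, item.process))  # candidate to close
        elif approved[item.port] != item.process:
            wrong_service.add((item.port, item.process))
    return {
        "unapproved": sorted(unapproved),
        "wrong_service": sorted(wrong_service),
        "loopback_only": sorted(loopback_only),
        "not_listening": sorted(set(approved) - exposed),
    }


if __name__ == "__main__":
    for key, value in audit_listeners(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED).items():
        print(f"{key}: {value}")
```

An approved port held by an unexpected process is reported separately, because closing ports alone would not catch it.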
– Jamming.
» All wireless networks use radio frequency (RF) channels to
transmit data on the network. It is possible to create enough
interference on the RF channel that it is no longer useable on
the network.
• An attacker will often use jamming when performing a DoS
type attack; however, it can also be used to perform an evil
twin type attack.
» Many of the modern networking standards and devices employ
techniques to mitigate the threat of jamming (e.g., 802.11n and
802.11ac are difficult to jam).
– Banner grabbing.
» Many network devices display banners (displayed
messages) when users are signing into or requesting services
from network devices. These banners can impart information
about the type of device or the type of service that is being
requested.
• This information may be used by a hacker to research
possible exploits.
» The best practice is to disable all unnecessary services and
banners on network devices.
Topic: Security issues caused by misconfigurations.
Summary: Network security is an ever-shifting landscape and some security issues
may be inadvertently created by misconfigurations. Some of these
misconfiguration issues can occur on: firewalls, ACLs, applications,
unpatched OSs or firmware, open TCP/IP ports, and authentication
services. The use of default usernames and passwords is another means
by which a network can be breached.
Topic: Other network security issues.
Summary: There are many security issues that face modern networks. Some of these
issues include: malicious users, packet sniffers, malware, ICMP, DoS or
DDoS attacks, unintended backdoor access, jamming, and banner
grabbing. Each of these vulnerabilities can be mitigated, thus hardening the
network.
THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

PACE-IT: Network Hardening Techniques (part 3)
PACE-IT: Network Hardening Techniques (part 3)PACE-IT: Network Hardening Techniques (part 3)
PACE-IT: Network Hardening Techniques (part 3)
 
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
PACE-IT, Security+1.1: Introduction to Network Devices (part 2)
 
PACE-IT: Network Hardening Techniques (part 2)
PACE-IT: Network Hardening Techniques (part 2)PACE-IT: Network Hardening Techniques (part 2)
PACE-IT: Network Hardening Techniques (part 2)
 
PACE-IT, Security+ 2.4: Basic Forensic Procedures
PACE-IT, Security+ 2.4: Basic Forensic ProceduresPACE-IT, Security+ 2.4: Basic Forensic Procedures
PACE-IT, Security+ 2.4: Basic Forensic Procedures
 
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental ControlsPACE-IT, Security+2.7: Physical Security and Enviornmental Controls
PACE-IT, Security+2.7: Physical Security and Enviornmental Controls
 
PACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and TrainingPACE-IT, Security+2.6: Security Related Awareness and Training
PACE-IT, Security+2.6: Security Related Awareness and Training
 
PACE-IT: Firewall Basics
PACE-IT: Firewall BasicsPACE-IT: Firewall Basics
PACE-IT: Firewall Basics
 
PACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best PracticesPACE-IT, Security+2.8: Risk Management Best Practices
PACE-IT, Security+2.8: Risk Management Best Practices
 
PACE-IT, Security+1.3: Secure Network Design Elements and Components
PACE-IT, Security+1.3: Secure Network Design Elements and ComponentsPACE-IT, Security+1.3: Secure Network Design Elements and Components
PACE-IT, Security+1.3: Secure Network Design Elements and Components
 
PACE-IT, Security+1.4: Common Network Protocols (part 3)
PACE-IT, Security+1.4: Common Network Protocols (part 3)PACE-IT, Security+1.4: Common Network Protocols (part 3)
PACE-IT, Security+1.4: Common Network Protocols (part 3)
 
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen TestingPACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
PACE-IT, Security+3.8: Vulnerability Scanning vs Pen Testing
 
PACE-IT: Network Access Control
PACE-IT: Network Access ControlPACE-IT: Network Access Control
PACE-IT: Network Access Control
 
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host SecurityPACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
 
PACE-IT, Security+1.2: Secure Network Administration Concepts
PACE-IT, Security+1.2: Secure Network Administration ConceptsPACE-IT, Security+1.2: Secure Network Administration Concepts
PACE-IT, Security+1.2: Secure Network Administration Concepts
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
 
Pace IT - Common Security Threats
Pace IT - Common Security ThreatsPace IT - Common Security Threats
Pace IT - Common Security Threats
 
PACE-IT, Security+ 2.1: Risk Related Concepts (part 1)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 1)PACE-IT, Security+ 2.1: Risk Related Concepts (part 1)
PACE-IT, Security+ 2.1: Risk Related Concepts (part 1)
 
PACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud ConceptsPACE-IT, Security+1.3: Cloud Concepts
PACE-IT, Security+1.3: Cloud Concepts
 
PACE-IT, Security+3.5: Types of Application Attacks (part 1)
PACE-IT, Security+3.5: Types of Application Attacks (part 1)PACE-IT, Security+3.5: Types of Application Attacks (part 1)
PACE-IT, Security+3.5: Types of Application Attacks (part 1)
 
PACE-IT: Common WAN Components and Issues
PACE-IT: Common WAN Components and IssuesPACE-IT: Common WAN Components and Issues
PACE-IT: Common WAN Components and Issues
 

Andere mochten auch

Data Network Security
Data Network SecurityData Network Security
Data Network Security
Atif Rehmat
 
Wireless sensor network security issues
Wireless sensor network security issuesWireless sensor network security issues
Wireless sensor network security issues
Maha Saad
 

Andere mochten auch (20)

Data Network Security
Data Network SecurityData Network Security
Data Network Security
 
Breaking DES
Breaking DESBreaking DES
Breaking DES
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 
Security
SecuritySecurity
Security
 
Network security
Network securityNetwork security
Network security
 
Network security attacks
Network security attacksNetwork security attacks
Network security attacks
 
A SERVEY ON WIRELESS SENSOR NETWORK SECURITY ISSUES & CHALLENGES
A SERVEY ON WIRELESS SENSOR NETWORK SECURITY ISSUES & CHALLENGESA SERVEY ON WIRELESS SENSOR NETWORK SECURITY ISSUES & CHALLENGES
A SERVEY ON WIRELESS SENSOR NETWORK SECURITY ISSUES & CHALLENGES
 
Network Security
Network SecurityNetwork Security
Network Security
 
Infomration & network security
Infomration & network securityInfomration & network security
Infomration & network security
 
Data Encryption Standard (DES)
Data Encryption Standard (DES)Data Encryption Standard (DES)
Data Encryption Standard (DES)
 
Introduction of cryptography and network security
Introduction of cryptography and network securityIntroduction of cryptography and network security
Introduction of cryptography and network security
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithm
 
Ch08
Ch08Ch08
Ch08
 
Rsa Algorithm
Rsa AlgorithmRsa Algorithm
Rsa Algorithm
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
Wireless sensor network security issues
Wireless sensor network security issuesWireless sensor network security issues
Wireless sensor network security issues
 
DES
DESDES
DES
 
Cryptography
CryptographyCryptography
Cryptography
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 

Ähnlich wie PACE-IT: Common Network Security Issues

RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
Rhys A. Mossom
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
webhostingguy
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
Rodrigo Piovesana
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
isidro luna beltran
 

Ähnlich wie PACE-IT: Common Network Security Issues (20)

Pace IT - Threats & Vulnerabilities Mitigation
Pace IT - Threats & Vulnerabilities MitigationPace IT - Threats & Vulnerabilities Mitigation
Pace IT - Threats & Vulnerabilities Mitigation
 
PACE-IT, Security+1.1: Introduction to Network Devices (part 3)
PACE-IT, Security+1.1: Introduction to Network Devices (part 3)PACE-IT, Security+1.1: Introduction to Network Devices (part 3)
PACE-IT, Security+1.1: Introduction to Network Devices (part 3)
 
PACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of MalwarePACE-IT, Security+3.1: Types of Malware
PACE-IT, Security+3.1: Types of Malware
 
PACE-IT: Introduction_to Network Devices (part 2) - N10 006
PACE-IT: Introduction_to Network Devices (part 2) - N10 006 PACE-IT: Introduction_to Network Devices (part 2) - N10 006
PACE-IT: Introduction_to Network Devices (part 2) - N10 006
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applications
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdf
 
Top 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdfTop 25 SOC Analyst interview questions.pdf
Top 25 SOC Analyst interview questions.pdf
 
Network security
Network securityNetwork security
Network security
 
Network-security-ppt.pptx...............
Network-security-ppt.pptx...............Network-security-ppt.pptx...............
Network-security-ppt.pptx...............
 
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptxpresentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
 
network security ppt.pptx
network security ppt.pptxnetwork security ppt.pptx
network security ppt.pptx
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 

Mehr von Pace IT at Edmonds Community College

Mehr von Pace IT at Edmonds Community College (20)

PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 2)
 
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
PACE-IT, Security+ 6.3: Introduction to Public Key Infrastructure (part 1)
 
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 2)
 
PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)
PACE-IT, Security+ 6.2: Cryptographic Methods (part 1)
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 1)
 
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
PACE-IT, Security+ 6.1: Introduction to Cryptography (part 2)
 
PACE-IT, Security + 5.3: Security Controls for Account Management
PACE-IT, Security + 5.3: Security Controls for Account ManagementPACE-IT, Security + 5.3: Security Controls for Account Management
PACE-IT, Security + 5.3: Security Controls for Account Management
 
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 2)
 
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)
PACE-IT, Security + 5.2: Authentication and Authorization Basics (part 1)
 
PACE-IT, Security + 5.1: Summary of Authentication Services
PACE-IT, Security + 5.1: Summary of Authentication ServicesPACE-IT, Security + 5.1: Summary of Authentication Services
PACE-IT, Security + 5.1: Summary of Authentication Services
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 1)
 
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
PACE-IT, Security+ 4.1: Application Security Controls and TechniquesPACE-IT, Security+ 4.1: Application Security Controls and Techniques
PACE-IT, Security+ 4.1: Application Security Controls and Techniques
 
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative EnvironmentsPACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
PACE-IT, Security+ 4.5: Mitigating Risks in Alternative Environments
 
PACE-IT, Security+ 4.4: Controls to Ensure Data Security
PACE-IT, Security+ 4.4: Controls to Ensure Data SecurityPACE-IT, Security+ 4.4: Controls to Ensure Data Security
PACE-IT, Security+ 4.4: Controls to Ensure Data Security
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
PACE-IT, Security+3.7: Overview of Security Assessment Tools
PACE-IT, Security+3.7: Overview of Security Assessment ToolsPACE-IT, Security+3.7: Overview of Security Assessment Tools
PACE-IT, Security+3.7: Overview of Security Assessment Tools
 
PACE-IT, Security+3.6: Security Enhancement Techniques
PACE-IT, Security+3.6: Security Enhancement TechniquesPACE-IT, Security+3.6: Security Enhancement Techniques
PACE-IT, Security+3.6: Security Enhancement Techniques
 
PACE-IT, Security+3.5: Types of Application Attacks (part 2)
PACE-IT, Security+3.5: Types of Application Attacks (part 2)PACE-IT, Security+3.5: Types of Application Attacks (part 2)
PACE-IT, Security+3.5: Types of Application Attacks (part 2)
 
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
 

Kürzlich hochgeladen

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 

Kürzlich hochgeladen (20)

Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 

PACE-IT: Common Network Security Issues

  • 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications  PC Hardware  Network Administration  IT Project Management  Network Design  User Training  IT Troubleshooting Qualifications Summary Education  M.B.A., IT Management, Western Governor’s University  B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
  • 3. Page 3 – Security issues caused by misconfigurations. – Other network security issues. PACE-IT.
  • 4. Page 4 Common network security issues.
  • 5. Page 5 It’s easy to assume that a network is secured from threats, while, in reality, it may be very vulnerable. A network may actually be vulnerable because of a misconfigured security setting or because of a common practice within an organization. A network may not be as secure as you think due to the ever changing threat landscape. Nefarious hackers are continually seeking new exploits that they can use to breach network security (including possible misconfigurations in network security settings). Common network security issues.
  • 6. Page 6
    – Misconfigured firewall and access control list (ACL).
      » A misconfigured firewall and ACL can result in three different categories of security issues.
        • Traffic that should be blocked isn’t, allowing threats in.
        • Traffic that shouldn’t be blocked is; this can prevent receiving vital updates.
        • All traffic is blocked; this isn’t necessarily a security issue per se but is still a misconfiguration.
      » To protect against a misconfigured firewall or ACL, thoroughly test them before putting them into action.
    – Misconfigured application.
      » A misconfigured application may become a security threat.
        • A Web application that does not perform proper validation of input may lead to a buffer overflow attack. This may lead to a successful attack on the Web server on which it is hosted.
      » Thoroughly testing applications before placing them into service will mitigate the threat.
  • 7. Page 7
    – Unpatched operating system (OS) or firmware.
      » The manufacturers of OSs and hardware firmware will often produce security patches (or fixes) for vulnerabilities as they become known.
        • An unpatched OS or firmware becomes very vulnerable in short order and may become a threat to the network.
      » Most software makers have an updating service; subscribing to that service will help to mitigate the threat.
    – Open TCP/IP ports.
      » Open ports on networks are listening for requests for or by services, applications, or protocols.
        • All open ports are a security vulnerability and there are 65,535 possible ports that may be open.
      » A best practice for network security is to specifically close all unnecessary ports to harden a network.
  • 8. Page 8
    – Misconfigured authentication services.
      » The TACACS+ and RADIUS services are often used to authenticate devices and users on networks.
        • A misconfiguration of either may lead to a security issue that allows malicious users to be authenticated to use network resources.
      » Thoroughly reviewing the configuration of authentication services will help to mitigate the problem. In addition, all default local accounts should be disabled (these may present a slight opening for a malicious user to exploit authentication services).
    – Active default usernames and passwords.
      » Almost all devices and applications come with default usernames and passwords to ease the setup process.
        • If left active, these defaults create a security issue, as they tend to be well known or are easy to find through simple research.
      » A best practice is to disable all default usernames and passwords after setting up the device or application.
  • 9. Page 9 Common network security issues.
  • 10. Page 10
    – Malicious users.
      » Malicious users may be the single biggest security issue facing any network and they will fall into one of two categories:
        • An untrusted malicious user: an outside entity that has exploited a security weakness to gain access to network resources (e.g., a hacker who has breached a database’s security features to gain access to valuable information).
        • A trusted malicious user: a person or entity that has been explicitly granted access to network resources that then exploits this trusted position for malicious purposes.
      » A best practice is to review log files on a regular basis to see what resources are being accessed and by whom to help maintain security.
    – Packet sniffers.
      » Packet sniffers examine network traffic at a very basic level and can be used to help in the administration of a network.
        • Packet sniffers may also be used by malicious users to see what protocols and activities are allowed on the network. This may help them in further attacking the network.
  • 11. Page 11
    – Malware.
      » It is usually defined as malicious software that has the intent of causing harm. As a category, malware covers any code-based threat to a network or system.
        • Examples of malware include: viruses, Trojans, and spyware.
      » To protect against malware, anti-malware applications should be running on every device. To be proactive, end user education should also be in place to teach users to recognize the dangers.
    – ICMP (Internet Control Messaging Protocol) related issues.
      » ICMP can be a valuable tool for diagnosing issues on networks, but it can also become a security vulnerability.
        • ICMP can be exploited in a denial-of-service (DoS) type of attack.
        • ICMP can be used to redirect legitimate users to a new malicious default gateway, possibly resulting in loss of data or sensitive information.
      » It is now a best practice to deny ICMP requests on a router’s outward-facing interface.
  • 12. Page 12
    – DoS or distributed DoS (DDoS).
      » In an attempt to bring down a network or website, malicious users will often send thousands (or hundreds of thousands) of requests for services.
        • The attackers’ goal is to make that resource unreachable by legitimate users.
      » Many modern firewalls and other network appliances have been configured to recognize the signature of such an attack and can take steps to mitigate the results.
    – Unintended backdoor access.
      » When creating applications, developers often create backdoors into the programs. Backdoors are a method of accessing an application or service while bypassing the normal authentication process. Unfortunately, these backdoors are sometimes left open after the development process has been completed. Once these become known, they can be exploited.
        • In most cases, the application is listening on a specific port (e.g., an open port) for a request for access.
      » The best mitigation technique is to close all unnecessary ports on a network.
  • 13. Page 13
    – Jamming.
      » All wireless networks use radio frequency (RF) channels to transmit data on the network. It is possible to create enough interference on the RF channel that it is no longer usable on the network.
        • An attacker will often use jamming when performing a DoS type attack; however, it can also be used to perform an evil twin type attack.
      » Many of the modern networking standards and devices employ techniques to mitigate the threat of jamming (e.g., 802.11n and 802.11ac are difficult to jam).
    – Banner grabbing.
      » Many network devices display banners (displayed messages) when users are signing into or requesting services from network devices. These banners can impart information about the type of device or the type of service that is being requested.
        • This information may be used by a hacker to research possible exploits.
      » The best practice is to disable all unnecessary services and banners on network devices.
  • 14. Page 14
    Topic: Security issues caused by misconfigurations.
    Summary: Network security is an ever-shifting landscape and some security issues may be inadvertently created by misconfigurations. Some of these misconfiguration issues can occur on: firewalls, ACLs, applications, unpatched OSs or firmware, open TCP/IP ports, and authentication services. The use of default usernames and passwords is another means by which a network can be breached.
    Topic: Other network security issues.
    Summary: There are many security issues that face modern networks. Some of these issues include: malicious users, packet sniffers, malware, ICMP, DoS or DDoS attacks, unintended backdoor access, jamming, and banner grabbing. Each of these vulnerabilities can be mitigated, thus hardening the network.
  • 16. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.
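Page 6 advises testing a firewall or ACL before putting it into action. The sketch below is an added example, not part of the original slides: it runs a test matrix through a first-match rule list and sorts failures into the slide's three categories. The rules, addresses, and the names `evaluate` and `audit` are constructed for illustration.

```python
import ipaddress

# Constructed ACL: ordered rules, first match wins, implicit deny at the end.
# Each rule is (action, source network, destination port or None for any port).
ACL = [
    ("deny",   "0.0.0.0/0",      23),    # Telnet blocked from everywhere
    ("permit", "10.0.0.0/8",     22),    # SSH from internal hosts only
    ("permit", "0.0.0.0/0",      443),   # public HTTPS
    ("permit", "203.0.113.0/24", None),  # constructed update-server range
]

# Same rules with a broad permit placed first, which shadows every later rule.
SHADOWED_ACL = [("permit", "0.0.0.0/0", None)] + ACL

# Constructed test matrix: (source IP, destination port, expected action).
CASES = [
    ("198.51.100.7", 23,   "deny"),
    ("198.51.100.7", 22,   "deny"),
    ("10.1.2.3",     22,   "permit"),
    ("198.51.100.7", 443,  "permit"),
    ("203.0.113.10", 8443, "permit"),
]

def evaluate(acl, src, port):
    """Return the action of the first matching rule, else the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, network, rule_port in acl:
        if addr in ipaddress.ip_network(network) and rule_port in (None, port):
            return action
    return "deny"

def audit(acl, cases):
    """Sort failed test cases into the three misconfiguration categories."""
    got = [(src, port, want, evaluate(acl, src, port)) for src, port, want in cases]
    return {
        "allowed_but_should_be_blocked":
            [(s, p) for s, p, want, g in got if want == "deny" and g == "permit"],
        "blocked_but_should_be_allowed":
            [(s, p) for s, p, want, g in got if want == "permit" and g == "deny"],
        "all_traffic_blocked": all(g == "deny" for *_, g in got),
    }

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("SHADOWED_ACL", SHADOWED_ACL), ("empty", [])):
        print(name, audit(acl, CASES))
```

An empty rule list falls through to the implicit deny for every case, which reproduces the third category (all traffic blocked) along with the blocked update-server traffic.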
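Pages 7 and 12 both recommend closing unnecessary ports, the second because a leftover backdoor usually listens on one. As an added example (not from the original slides), this check compares listening TCP sockets against an approved list. The `ss -tln` output is constructed sample data, and `APPROVED`, `parse_listeners`, and `unexpected` are hypothetical names.

```python
import ipaddress

# Assumption: the services this host is approved to expose.
APPROVED = {22: "ssh", 443: "https"}

# Constructed sample of `ss -tln` output (not captured from a real host).
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       5       0.0.0.0:31337       0.0.0.0:*
LISTEN  0       128     [::]:23             [::]:*
"""

def parse_listeners(text):
    """Extract (bind address, port) pairs from LISTEN rows."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or malformed row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        listeners.append((host, int(port)))
    return listeners

def unexpected(listeners, approved):
    """Return unapproved listeners, noting whether the network can reach them."""
    findings = []
    for host, port in listeners:
        if port in approved:
            continue
        # "*" and unspecified addresses (0.0.0.0, ::) accept remote connections.
        remote = host == "*" or not ipaddress.ip_address(host).is_loopback
        findings.append((port, host, "network-reachable" if remote else "loopback-only"))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, scope in unexpected(parse_listeners(SS_OUTPUT), APPROVED):
        print(f"unapproved listener on {host} port {port} ({scope})")
```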