CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Entrepreneur, executive leader, and proven manager
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required, with a focus on technology.
3. Page 3
– Security issues caused by
misconfigurations.
– Other network security issues.
5. Page 5
It’s easy to assume that a
network is secured from
threats, while, in reality, it
may be very vulnerable.
A network may actually be vulnerable because of a misconfigured
security setting or because of a common practice within an
organization.
A network may not be as secure as you think due to the
ever-changing threat landscape. Nefarious hackers are continually
seeking new exploits that they can use to breach network security
(including possible misconfigurations in network security
settings).
Common network security issues.
6. Page 6
– Misconfigured firewall and access control
list (ACL).
» A misconfigured firewall and ACL can result in three different
categories of security issues.
• Traffic that should be blocked isn’t, allowing threats in.
• Traffic that shouldn’t be blocked is; this can prevent receiving
vital updates.
• All traffic is blocked; this isn’t necessarily a security issue per
se but is still a misconfiguration.
» To protect against a misconfigured firewall or ACL, thoroughly
test them before putting them into action.
– Misconfigured application.
» A misconfigured application may become a security threat.
• A Web application that does not perform proper validation of
input may lead to a buffer overflow attack. This may lead to a
successful attack on the Web server on which it is hosted.
» Thoroughly testing applications before placing them into service
will mitigate the threat.
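One way to test a firewall rule set or ACL before putting it into action, as an added example that is not part of the original slides: a simplified first-match ACL model (an assumption, not any vendor's syntax) is checked against the intended policy and each mismatch is reported under the categories listed above. The rules, addresses and names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    src: str              # source network, CIDR notation
    port: Optional[int]   # destination TCP port; None matches any port

def evaluate(rules, src_ip, port):
    """First matching rule wins; traffic matching no rule is implicitly denied."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.port in (None, port):
            return rule.action
    return "deny"

def audit(rules, cases):
    """Compare the ACL's verdicts with the intended policy, one finding per mismatch."""
    findings = []
    verdicts = [(src, port, want, evaluate(rules, src, port)) for src, port, want in cases]
    for src, port, want, got in verdicts:
        if want == "deny" and got == "permit":
            findings.append(("should-be-blocked-but-allowed", src, port))
        elif want == "permit" and got == "deny":
            findings.append(("should-be-allowed-but-blocked", src, port))
    if verdicts and all(got == "deny" for *_, got in verdicts):
        findings.append(("all-traffic-blocked", None, None))
    return findings

# Constructed draft ACL and intended policy (documentation address ranges).
DRAFT_ACL = [
    Rule("deny", "198.51.100.0/24", None),   # too broad: also covers the update server
    Rule("permit", "0.0.0.0/0", 23),         # leftover Telnet rule
    Rule("permit", "0.0.0.0/0", 443),
]
POLICY_CASES = [
    ("203.0.113.5", 443, "permit"),    # public HTTPS
    ("203.0.113.5", 23, "deny"),       # Telnet from outside
    ("198.51.100.10", 443, "permit"),  # vendor update server
    ("203.0.113.5", 3389, "deny"),     # RDP from outside
]

if __name__ == "__main__":
    for finding in audit(DRAFT_ACL, POLICY_CASES):
        print(finding)
```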
7. Page 7
– Unpatched operating system (OS) or
firmware.
» The manufacturers of OSs and hardware firmware will often
produce security patches (or fixes) for vulnerabilities as they
become known.
• An unpatched OS or firmware becomes very vulnerable in
short order and may become a threat to the network.
» Most software makers have an updating service; subscribing to
that service will help to mitigate the threat.
– Open TCP/IP ports.
» Open ports on networks are listening for requests for or by
services, applications, or protocols.
• All open ports are a security vulnerability and there are 65,535
possible ports that may be open.
» A best practice for network security is to specifically close all
unnecessary ports to harden a network.
8. Page 8
– Misconfigured authentication services.
» The TACACS+ and RADIUS services are often used to
authenticate devices and users on networks.
• A misconfiguration of either may lead to a security issue that
allows malicious users to be authenticated to use network
resources.
» Thoroughly reviewing the configuration of authentication
services will help to mitigate the problem. In addition, all default
local accounts should be disabled (these may present a slight
opening for a malicious user to exploit authentication services).
– Active default usernames and passwords.
» Almost all devices and applications come with default
usernames and passwords to ease the setup process.
• If left active, these defaults create a security issue—as they
tend to be well known or are easy to find through simple
research.
» A best practice is to disable all default usernames and
passwords after setting up the device or application.
10. Page 10
– Malicious users.
» Malicious users may be the single biggest security issue facing
any network and they will fall into one of two categories:
• An untrusted malicious user: an outside entity that has
exploited a security weakness to gain access to network
resources (e.g., a hacker who has breached a database’s
security features to gain access to valuable information).
• A trusted malicious user: a person or entity that has been
explicitly granted access to network resources that then
exploits this trusted position for malicious purposes.
» A best practice is to review log files on a regular basis to see
what resources are being accessed and by whom to help
maintain security.
– Packet sniffers.
» Packet sniffers examine network traffic at a very basic level and
can be used to help in the administration of a network.
• Packet sniffers may also be used by malicious users to see
what protocols and activities are allowed on the network. This
may help them in further attacking the network.
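A sketch of the regular log review recommended above, as an added example that is not part of the original slides: it summarizes which resources each account reached and flags access outside an account's expected resources, plus accounts with repeated denials. The log format, account names and entitlement map are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed (constructed) log line format: <timestamp> user=<u> resource=<r> result=ALLOW|DENY
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) resource=(?P<res>\S+) result=(?P<result>ALLOW|DENY)$"
)

def review(log_text, entitlements, deny_threshold=3):
    """Return (out_of_role, repeated_denies).

    out_of_role: {user: [resources accessed that are not in the user's entitlements]}
    repeated_denies: users with at least deny_threshold denied requests
    """
    accessed = defaultdict(set)
    denies = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not follow the expected format
        if m["result"] == "ALLOW":
            accessed[m["user"]].add(m["res"])
        else:
            denies[m["user"]] += 1
    out_of_role = {}
    for user, resources in accessed.items():
        extra = resources - entitlements.get(user, set())
        if extra:
            out_of_role[user] = sorted(extra)
    repeated_denies = sorted(u for u, n in denies.items() if n >= deny_threshold)
    return out_of_role, repeated_denies

# Constructed sample data.
ENTITLEMENTS = {"alice": {"/hr/payroll"}, "bob": {"/eng/wiki"}}
SAMPLE_LOG = """\
2024-05-01T09:00:01Z user=alice resource=/hr/payroll result=ALLOW
2024-05-01T09:02:10Z user=bob resource=/eng/wiki result=ALLOW
2024-05-01T23:41:07Z user=bob resource=/hr/payroll result=ALLOW
2024-05-01T23:50:00Z user=unknown7 resource=/db/customers result=DENY
2024-05-01T23:50:02Z user=unknown7 resource=/db/customers result=DENY
2024-05-01T23:50:05Z user=unknown7 resource=/db/orders result=DENY
"""

if __name__ == "__main__":
    print(review(SAMPLE_LOG, ENTITLEMENTS))
```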
11. Page 11
– Malware.
» It is usually defined as malicious software that has the intent of
causing harm. As a category, malware covers any code-based
threat to a network or system.
• Examples of malware include: viruses, Trojans, and spyware.
» To protect against malware, anti-malware applications should
be running on every device. To be proactive, end-user
education should also be in place to teach users to recognize
the dangers.
– ICMP (Internet Control Message Protocol)
related issues.
» ICMP can be a valuable tool for diagnosing issues on networks,
but it can also become a security vulnerability.
• ICMP can be exploited in a denial-of-service (DoS) type of
attack.
• ICMP can be used to redirect legitimate users to a new
malicious default gateway, possibly resulting in loss of data or
sensitive information.
» It is now a best practice to deny ICMP requests on a router’s
outward-facing interface.
12. Page 12
– DoS or distributed DoS (DDoS).
» In an attempt to bring down a network or website, malicious
users will often send thousands (or hundreds of thousands) of
requests for services.
• The attackers’ goal is to make that resource unreachable by
legitimate users.
» Many modern firewalls and other network appliances have
been configured to recognize the signature of such an attack
and can take steps to mitigate the results.
– Unintended backdoor access.
» When creating applications, developers often create backdoors
into the programs. Backdoors are a method of accessing an
application or service while bypassing the normal
authentication process. Unfortunately, these backdoors are
sometimes left open after the development process has been
completed. Once these become known, they can be exploited.
• In most cases, the application is listening on a specific port
(e.g., an open port) for a request for access.
» The best mitigation technique is to close all unnecessary ports
on a network.
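A check that supports closing unnecessary ports, covering both the open TCP/IP ports item and the unintended backdoor item above (an added example, not part of the original slides): it parses listening sockets in the format printed by `ss -tln` and reports every listener that is reachable from the network and not on an approved list. The sample output and the approved port set are constructed.

```python
import ipaddress

def parse_listeners(ss_output):
    """Extract (address, port) pairs from `ss -tln` style output."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        listeners.add((addr, int(port)))
    return listeners

def is_loopback(addr):
    """A listener bound only to loopback is not reachable from the network."""
    if addr == "*":  # wildcard bind: all interfaces
        return False
    return ipaddress.ip_address(addr).is_loopback

def unexpected_listeners(ss_output, approved_ports):
    """Network-reachable listening ports that are not on the approved list."""
    return sorted(
        (addr, port)
        for addr, port in parse_listeners(ss_output)
        if port not in approved_ports and not is_loopback(addr)
    )

# Constructed sample in the layout of `ss -tln`.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      128    [::]:8081          [::]:*
"""
APPROVED = {22, 443}  # assumed baseline for this host

if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS, APPROVED):
        print(f"unapproved listener: {addr} port {port}")
```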
13. Page 13
– Jamming.
» All wireless networks use radio frequency (RF) channels to
transmit data on the network. It is possible to create enough
interference on the RF channel that it is no longer useable on
the network.
• An attacker will often use jamming when performing a DoS
type attack; however, it can also be used to perform an evil
twin type attack.
» Many of the modern networking standards and devices employ
techniques to mitigate the threat of jamming (e.g., 802.11n and
802.11ac are difficult to jam).
– Banner grabbing.
» Many network devices display banners (displayed
messages) when users are signing into or requesting services
from network devices. These banners can impart information
about the type of device or the type of service that is being
requested.
• This information may be used by a hacker to research
possible exploits.
» The best practice is to disable all unnecessary services and
banners on network devices.
14. Page 14
Common network security issues.
Topic: Security issues caused by misconfigurations.
Summary: Network security is an ever-shifting landscape and some security issues
may be inadvertently created by misconfigurations. Some of these
misconfiguration issues can occur on: firewalls, ACLs, applications,
unpatched OSs or firmware, open TCP/IP ports, and authentication
services. The use of default usernames and passwords is another means
by which a network can be breached.
Topic: Other network security issues.
Summary: There are many security issues that face modern networks. Some of these
issues include: malicious users, packet sniffers, malware, ICMP, DoS or
DDoS attacks, unintended backdoor access, jamming, and banner
grabbing. Each of these vulnerabilities can be mitigated, thus hardening the
network.
16. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.