CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology) "Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53" Learn more about the PACE-IT Online program: www.edcc.edu/pace-it

1. Common network
vulnerabilities.

2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certification
 PC Hardware
 Network Administration
 IT Project Management
 Network Design
 User Training
 IT Troubleshooting
Qualifications Summary
Education
 M.B.A., IT Management, Western Governor’s University
 B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required— with a focus on technology.

3. Page 3
– Vulnerabilities associated with
unsecure protocols.
– Vulnerable network practices.
PACE-IT.

4. Page 4
Common network vulnerabilities.

5. Page 5
Network security is never a
completely done deal. It
often seems as if, as soon as
one hole is plugged, another
opens up.
While this is true, there are still steps that
administrators should take to reduce the
vulnerabilities that exist in the systems under their
control.
By reducing known vulnerabilities, administrators
can then spend their time preparing for and
reducing exposure to up and coming threats.
Common network vulnerabilities.

6. Page 6
– Telnet.
» A protocol that is used to create a virtual terminal connection
that is commonly used in troubleshooting.
» Telnet is very unsecure because all communication occurs in
clear text—telnet doesn’t support encryption.
• Whenever possible, SSH (Secure Shell) should be used in
place of Telnet.
– SNMP (Simple Network Management
Protocol) v.1 and 2.
» Protocols that are used to remotely manage and configure
network devices.
» Due to a lack of encryption support, versions 1 and 2 are
unsecure and are susceptible to packet sniffers.
• SNMP v.3 should be used whenever possible, as it supports
more security.
Common network vulnerabilities.

7. Page 7
– FTP (File Transfer Protocol).
» A protocol used to transfer files across a network connection.
» While a username and password are required in most cases to
use FTP, it doesn’t support encryption, which creates a
vulnerability in the process.
• SFTP (Secure FTP) should be used in place of FTP, as it
creates an SSH FTP session.
– TFTP (Trivial File Transfer Protocol).
» A simple stripped down version of FTP that doesn’t support
authentication like standard FTP. It is commonly used to
download configuration files to networking equipment.
• TFTP should only be used when a connection to networking
equipment is made through the console port, thus eliminating
the possibility of eavesdropping.
Common network vulnerabilities.

8. Page 8
– HTTP (Hypertext Transfer Protocol).
» Protocol used to send and receive data over the Internet.
» It is unsecure in its basic format and susceptible to being
intercepted due to its lack of encryption.
• HTTPS (HTTP Secure) should be used when conducting
sensitive business over the Internet, as it will provide
encryption and other security services.
– SLIP (Serial Line IP).
» An early protocol developed for communicating over serial
ports and modem connections that requires a static IP address.
» Very outdated and unsecure, SLIP doesn’t support encryption.
• PPP (Point-to-Point Protocol) should be used in place of
SLIP.
Common network vulnerabilities.

9. Page 9
Common network vulnerabilities.

10. Page 10
– Unpatched or legacy systems.
» Unpatched systems are, by their very nature, unsecure.
• Keeping all operating systems and applications up to date will
reduce vulnerabilities in the network.
» In some situations, it is necessary to keep legacy systems
alive. This can create vulnerabilities in the system, as
weaknesses in these systems tend to be well known.
• Special security measures should be taken with legacy
systems in order to reduce the opportunities for exploitation.
– Open ports.
» An open port—either a physical or application port—on the
network is a hole in the security of the network that may be
exploited.
» While not all open ports can be or should be closed, security
should be placed on those ports that need to remain open to
reduce the vulnerability of the network.
• A good practice is to use a port scanner periodically to verify
that only absolutely required application ports are open.
Common network vulnerabilities.

11. Page 11
– Unnecessary running services.
» Operating system services are used to perform some function
within the system, but it is possible for them to be exploited.
• A periodic review of all running services should be conducted
on all equipment that attaches to the network. All unnecessary
running services should be disabled.
– Clear text credentials.
» Many applications and devices require the use of credentials in
order to be used. In some cases, these credentials are sent in
clear text format, which makes them easily read when
captured.
• A good practice is to periodically review all applications and
systems to determine which ones use clear text credentials;
then, either limit their use or figure out how to encrypt the
transmissions.
Common network vulnerabilities.

12. Page 12
– Unencrypted channels.
» Any method of communication on the network that is not
encrypted is an unencrypted channel that is subject to being
breached.
» While not all communications channels need to be encrypted, a
good practice is to review all channels and make a decision
about which ones need to be encrypted and which ones do not.
• All wireless network channels should be encrypted—no
exceptions.
– RF (radio frequency) emanation.
» One method of intercepting communication is to analyze signal
leakage (e.g., RF emanations). Many forms of communication
are subject to these signal emanations, but there are steps that
can be taken to reduce them.
• TEMPEST is a set of standards established by the NSA
(National Security Agency) and NATO (North Atlantic Treaty
Organization) that outlines steps that can be used to reduce
the opportunity for interception and analysis of
communication.
Common network vulnerabilities.

13. Page 13
Common network vulnerabilities.
Security is never a completed task. It is always an ongoing concern.
Administrators can take steps to reduce their exposure to known
vulnerabilities. Some known vulnerable protocols include: Telnet, SNMP v.1
and v.2, FTP, TFTP, HTTP, and SLIP.
Topic
Vulnerabilities associated
with unsecure protocols.
Summary
Unpatched and legacy systems are vulnerable to exploitation. An open port
is a hole in the security of the system. All unused ports should be closed. It
is possible to exploit running services, so all unnecessary services should
be disabled. Administrators should know which applications send
credentials in clear text and take steps to reduce the security risk posed by
them. Unencrypted communication channels are subject to interception; a
review of all channels should be conducted to reduce this vulnerability. All
wireless communications channels should be encrypted. It is possible to
intercept communication by capturing and analyzing RF emanations;
TEMPEST is a set of specifications that reduces this vulnerability.
Vulnerable network practices.

14. Page 14
THANK YOU!

15. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.