IDS Approaches:
IDS responses:
1. Passive response
Logging
Notification
Shunning
2. Active response
terminating session or process
configuration changes
deception
Symmetric algorithms:
Asymmetric Algorithms
RSA - for encryption and digital signatures, used in SSL; uses prime numbers to generate keys
Diffie-Hellman - for secure key exchange
ECC - like RSA but for smaller devices such as cellphones and wireless devices
El Gamal - used for transmitting digital signatures and for key exchange
--------------------
PGP - de facto standard for e-mail encryption, uses both symmetric and asymmetric encryption
S/MIME - de facto standard for secure e-mail messages, uses asymmetric encryption for secure e-mail communication
Secure Electronic Transfer (SET) - encryption for credit card number transmission
Penetration testing – to actively assess deployed security controls
IPv4 Classes
Class Address
A 1.0.0.0 - 126.0.0.0
B 128.0.0.0 - 191.255.0.0
C 192.0.0.0 - 223.255.255.0
D 224.0.0.0 - 239.0.0.0
E 240.0.0.0 - 255.0.0.0
SYN Flood:
Attacker never sends the final ACK back to the server
Smurf Attack:
Floods a host with ICMP packets; the resulting packet flood overwhelms it
Ping sent to the broadcast address
Man-in-the-Middle Attack
Web spoofing
information theft
TCP Session hijacking
Attack methods:
ARP Poisoning
ICMP Redirect
DNS Poisoning
Replay Attack:
Intercepts and retransmits data
reuse authentication tokens
trick biometric systems
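The replay defence that the notes imply (a reused authentication token should be refused) can be shown in a few lines. The following is an added example written for these notes, not code from the original page: each message carries a timestamp, a one-time nonce and an HMAC, and the receiver rejects anything with a bad MAC, an old timestamp, or a nonce it has already accepted. The shared key, the message format and the clock values are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import time

# Constructed shared key for the demonstration (assumption, not from the notes).
SHARED_KEY = b"demo-shared-secret"
MAX_AGE_SECONDS = 30  # how far a message timestamp may drift from the receiver's clock


def _mac(key, ts_str, nonce, body):
    """HMAC-SHA256 over the timestamp, nonce and body, so none of them can be altered."""
    return hmac.new(key, f"{ts_str}|{nonce}|{body}".encode(), hashlib.sha256).hexdigest()


def build_message(key, body, now=time.time):
    """Sender side: timestamp | nonce | body | mac. A fresh random nonce per message."""
    ts_str = str(int(now()))
    nonce = os.urandom(8).hex()
    return "|".join([ts_str, nonce, body, _mac(key, ts_str, nonce, body)])


class ReplayProtectedVerifier:
    """Receiver side: accepts each signed message exactly once."""

    def __init__(self, key, max_age=MAX_AGE_SECONDS, now=time.time):
        self.key = key
        self.max_age = max_age
        self.now = now
        # Nonces already accepted. A real service would bound this store and expire
        # entries older than max_age, since stale messages are refused anyway.
        self.seen_nonces = set()

    def verify(self, message):
        """Return 'ok' if the message is accepted, otherwise the reason it was rejected."""
        try:
            ts_str, nonce, body, mac = message.split("|", 3)
            ts = int(ts_str)
        except ValueError:
            return "malformed"
        # MAC first: nothing else is trusted until integrity is confirmed.
        if not hmac.compare_digest(_mac(self.key, ts_str, nonce, body), mac):
            return "bad-mac"
        # Timestamp window: bounds how long a captured message stays usable at all.
        if abs(self.now() - ts) > self.max_age:
            return "stale"
        # Nonce check: a retransmitted copy inside the window is still refused.
        if nonce in self.seen_nonces:
            return "replayed"
        self.seen_nonces.add(nonce)
        return "ok"


def demo(clock=lambda: 1_000_000):
    """Run the four cases with a fixed clock and return the verifier's verdicts in order."""
    verifier = ReplayProtectedVerifier(SHARED_KEY, now=clock)
    msg = build_message(SHARED_KEY, "transfer 10", now=clock)
    first = verifier.verify(msg)                     # fresh message: ok
    second = verifier.verify(msg)                    # same bytes again: replayed
    old = build_message(SHARED_KEY, "transfer 10", now=lambda: clock() - 120)
    stale = verifier.verify(old)                     # signed two minutes ago: stale
    bad = verifier.verify(msg.replace("transfer 10", "transfer 99"))  # body altered: bad-mac
    return [first, second, stale, bad]


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the MAC is verified before the nonce store is consulted, so an unauthenticated sender cannot probe which nonces the receiver has seen, and the timestamp window is what lets the nonce store be kept small.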
IDS = passive
IPS = active
Signature and anomaly based detection methods
Common Ports:
NetBIOS 135-139
LDAP 389
TACACS 49
RADIUS 1812
POP3 110
SNMP 161
HTTP 80
IMAP4 143
IPSec 50, 51
SSL 443
FTP 20,21
TFTP 69
CHARGEN 19
NNTP 119
DHCP 67,68
SMTP 25
SSH 22
TELNET 23
DNS 53
RAID Levels:
Parity = redundancy
Striping = multiple disks act as one, i.e. data is spread across the disks
RAID 0 - striping (redundancy, but no fault tolerance)
RAID 1 - mirroring and duplexing
RAID 3 - striping with a parity disk
RAID 5 - striping with parity
Alternate Sites:
Hot Site: fully functional, very expensive, fast continuity
Warm Site: systems and servers installed, but not configured
Cold Site: empty room, no equipment, or equipment in boxes, weeks to set up and configure
Fire Extinguisher:
Class A: ordinary combustibles (water agent)
Class B: flammable liquids, e.g. oil, gas, grease (CO2 agent)
Class C: electrical (halon agent)
Class D: flammable metals (dry powder agent)
Study up on:
802.11 codes
TEMPEST
Security Models (least privilege etc.)
Study Cryptography
Types of Attacks
Viruses, Trojans, Descriptions
__________________________________________
subtract 24 from the number; the result is 6, so count six spaces across the chart from left to right, which leaves us at 252, our subnet mask. The number below the 252 is our incremental value, so i = 4. Increments start at 0 and count up by i: 0, 4, 8, 12, 16, 20, 24, 28. Our starting number was 9 (the last octet in the IP address); 9 falls between the 8 and the 12 in our list of increments, so our range is .8 to .11.
/16=> 255.255.0.0
/24=> 255.255.255.0
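The chart method above (count across the mask chart, read the increment beneath it, step through multiples of the increment) is easy to automate, and checking it against the standard library catches arithmetic slips. The following is an added example written for these notes, not code from the original page; it generalises the /30 case to any prefix length and any octet. The IP address 192.168.1.9 is constructed, since the notes only give the last octet (9); the chart values are the ones the notes count across.

```python
import ipaddress

# The chart read left to right: the value a mask octet takes for 1..8 network bits,
# and the "incremental value" (block size) written beneath each one.
MASK_CHART = [128, 192, 224, 240, 248, 252, 254, 255]
INCREMENT_CHART = [128, 64, 32, 16, 8, 4, 2, 1]


def mask_from_prefix(prefix):
    """Dotted-decimal subnet mask for a CIDR prefix length, e.g. 30 -> 255.255.255.252."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    octets = []
    remaining = prefix
    for _ in range(4):
        bits = min(8, remaining)          # how many of this octet's bits are network bits
        octets.append(MASK_CHART[bits - 1] if bits else 0)
        remaining -= bits
    return ".".join(str(o) for o in octets)


def interesting_octet(prefix):
    """Index (0-3) of the octet the subnet boundary falls in, and the block size there.

    /30 -> (3, 4): six spaces across the chart lands on 252, with 4 beneath it.
    /24 -> (2, 1): the third octet is fully 255, so blocks step by 1 in that octet.
    """
    if not 1 <= prefix <= 32:
        raise ValueError("prefix length must be between 1 and 32")
    bits = prefix % 8
    if bits == 0:
        return prefix // 8 - 1, 1
    return prefix // 8, INCREMENT_CHART[bits - 1]


def subnet_range(ip, prefix):
    """Network and broadcast address of the block containing ip, by the chart method."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("expected a dotted-decimal IPv4 address")
    idx, block = interesting_octet(prefix)
    start = (octets[idx] // block) * block    # largest multiple of the block size <= value
    end = start + block - 1                   # one short of the next multiple
    first = octets[:idx] + [start] + [0] * (3 - idx)
    last = octets[:idx] + [end] + [255] * (3 - idx)
    return ".".join(map(str, first)), ".".join(map(str, last))


def cross_check(ip, prefix):
    """True when the chart method agrees with the standard library's own calculation."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return subnet_range(ip, prefix) == (str(net.network_address), str(net.broadcast_address))


if __name__ == "__main__":
    # Constructed sample: the notes give only the last octet (9) and the /30 mask.
    sample_ip, sample_prefix = "192.168.1.9", 30
    print(mask_from_prefix(sample_prefix))          # 255.255.255.252
    print(interesting_octet(sample_prefix))         # (3, 4)
    print(subnet_range(sample_ip, sample_prefix))   # ('192.168.1.8', '192.168.1.11')
    print(cross_check(sample_ip, sample_prefix))    # True
```

Running it for the /30 case reproduces the notes exactly: mask 255.255.255.252, increment 4, and the block .8 to .11 around the host with last octet 9. Trying a prefix that does not fall on the last octet, such as /20, shows why the "interesting octet" matters: the block size 16 applies to the third octet and the fourth octet runs 0 to 255.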
__________________________________________
802.11i = standard for wireless security