Security+Lesson ObjectivesThe CIA TriadCIA and Non-RepudiationAdditional Security TermsSecurity+ Exam: Authentication, Access Control and AuditingSecurity and Business ConcernsAuthenticationAuthentication MethodsAuthentication Tools and MethodsAuthentication Tools and Session KeysMultifactor AuthenticationSingle Sign-on AuthenticationSingle Sign-on Authentication (cont’d)Mutual AuthenticationUser Name and PasswordAuthentication in Windows and LinuxUnderstanding KerberosUnderstanding Kerberos (cont’d)Slide 20Slide 21Slide 22CertificatesToken-Based AuthenticationChallenge Handshake Authentication Protocol (CHAP)Smart CardsSmart Cards (cont’d)BiometricsExtensible Authentication Protocol (EAP)Slide 30Slide 31Access Control Terminology and ConceptsThe Audit Trail: Auditing and LoggingAccess Control MethodsDiscretionary Access Control (DAC)Mandatory Access Control (MAC)Role-Based Access Control (RBAC)Balancing Responsibilities of SecuritySlide 39Slide 40Cryptography and EncryptionCryptography and Encryption (cont’d)Hash EncryptionSymmetric-Key EncryptionSymmetric-Key Encryption (cont’d)Block and Stream CiphersOne-Time PadsSymmetric-Key Cipher TypesSymmetric AlgorithmsSymmetric Algorithms (cont’d)Strengthening Symmetric-Key EncryptionAsymmetric-Key EncryptionAsymmetric-Key Encryption (cont’d)Examples of Asymmetric-Key EncryptionSending MessagesAsymmetric-Key Encryption and SSL/TLSElements Used in Asymmetric-Key EncryptionApplied EncryptionApplied Encryption (cont’d)Slide 60Slide 61Slide 62Slide 63Public Key Infrastructure (PKI) EssentialsPublic Key Infrastructure (PKI) Essentials (cont’d)Slide 66Slide 67Slide 68Slide 69Slide 70Common Trust ModelsCommon Trust Models (cont’d)Slide 73Slide 74Key Management and the Certificate Life CycleKey ExpirationKey and Certificate RevocationKey SuspensionKey RenewalKey DestructionCertificate and Key StorageKey EscrowKey RecoveryUsing Multiple Key PairsPlanning for PKISlide 86Slide 87Network Attack OverviewProtocol OverviewProtocol OverviewSpoofing AttacksScanning AttacksSlide 93Denial-of-Service (DOS) AttacksDistributed Denial-of-Service (DDOS) AttacksDistributed Denial-of-Service (DDOS) Attacks (cont’d)Slide 97Man-in-the-Middle AttacksProfile of an AttackPassword-Guessing AttacksSoftware ExploitationAttacks Against EncryptionSocial EngineeringMalicious CodeAuditingSlide 106Slide 107Security BaselinesClient Security IssuesClient Security Issues (cont’d)Slide 111Server-Side Issues: Application HardeningServer-Side Issues: Application Hardening (cont’d)Slide 114Slide 115Operating System HardeningSlide 117Slide 118Remote Access Concepts and TerminologyOverview of Remote Access MethodsOverview of Remote Access Methods (cont’d)Virtual Private Networks (VPNs)Virtual Private Networks (cont’d)Slide 124TACACS and TACACS+Remote Authentication Dial-In User Service (RADIUS)Remote Authentication Dial-In User Service (RADIUS) (cont’d)IPsecIPsec (cont’d)802.1xRemote Administration MethodsSecure Shell (SSH)Secure Shell (SSH) (cont’d)Slide 134Slide 135Slide 136Slide 137Wireless Network TechnologiesWireless Network Technologies (cont’d)Slide 140Wireless Application Protocol (WAP)Wireless Security VulnerabilitiesWired Equivalent Privacy (WEP)Wired Equivalent Privacy (WEP) (cont’d)Slide 145MAC Address FilteringMAC Address Filtering (cont’d)Problems with WTLSSolutions for Wireless Network VulnerabilitiesSite SurveysUnauthorized Site Surveys: War Driving/War WalkingSlide 152Slide 153Firewall OverviewSecurity TopologiesTypes of Security ZonesCreating a Virtual LAN (VLAN)Network Address Translation (NAT)Network Address Translation (NAT) (cont’d)Types of Bastion HostsTypes of Bastion Hosts (cont’d)Slide 162Traffic Control MethodsTraffic Control Methods (cont’d)Slide 165Configuring FirewallsNetwork HardeningNetwork Security ConcernsPhysical Security ConcernsPhysical Security Concerns (cont’d)Slide 171Slide 172Cabling and Network SecurityTwisted-Pair CableSecurity Concerns for UTP/STP CableFiber-Optic CableProtecting the Network Against Common Physical AttacksSlide 178Slide 179Risk IdentificationRisk Assessment StepsSlide 182Intrusion DetectionNetwork-Based Intrusion DetectionHost-Based Intrusion DetectionHost-Based Intrusion Detection (cont’d)IDS Signatures and RulesChoosing the Correct IDSFalse Positives and False NegativesIDS SoftwareHoney PotsElements of an Incident Response PolicyForensicsForensics (cont’d)Disaster RecoveryBusiness ContinuityBusiness Continuity (cont’d)Backups and Business ContinuityBackup StrategiesBackup strategies (cont’d)Slide 201Slide 202Security PolicySecurity Policy (cont’d)Slide 205Human Resources PoliciesWriting a Specific PolicyPrivilege ManagementTraining Secure PracticesDocumentationClassification and NotificationClassification and Notification (cont’d)Retention and Storage IssuesSecurity+Lesson 1Authentication MethodsLesson ObjectivesIdentify foundational security services and conceptsList basic authentication concepts (what you know, what you have, who you are)Define authentication methods, including Kerberos, certificates, CHAP, mutual authentication, tokens, smart cards and biometricsIdentify the importance of multifactor authenticationControl authentication for modern operating systemsThe CIA TriadCIA and Non-RepudiationRepudiation: an illicit attempt to deny sending or receiving a transaction. Examples of transactions include:A user sending an e-mail message to another userWeb session in which a purchase is madeA network host sending a series of port scans to a remote serverNon-repudiation: the ability to prove that a transaction has, in fact, occurredNon-repudiation is made possible through signatures (digital and physical), as well as encryption and the logging of transactionsAdditional Security TermsAuthenticationAuthorizationAccess controlAssetVulnerabilityThreatThreat AgentRiskAttackCompromiseCounter-measureMalicious userExploitAuthentication informationSecurity+ Exam: Authentication, Access Control and AuditingThe Security+ exam focuses on the following concepts:AuthenticationAccess controlAuditing access to systemsSecurity and Business ConcernsSecurity is a business concern: In most cases the business’s most important asset is the information it organizes, stores and transmitsFoundational security documentsTrusted Computer Systems Evaluation Criteria (TCSEC)ISO 7498-2ISO 17799Health Insurance Portability and Accountability Act