
ltwilliams | CompTIA Security+ | Module 1

By: ltwilliams | Related Course: CompTIA Security+ | Published: June 3, 2017 | Modified: September 30, 2017

Firewalls notes

What are firewalls

Hardware or software implementations that filter traffic, letting us limit and dictate what passes. A firewall inspects the traffic, then allows or denies it, both inbound and outbound.

 

What they do

Types of firewalls

  • Packet inspection
  • Application filtering
  • Stateful firewalls

 

Packet inspection uses triggers

Application filtering looks at which applications the traffic is calling on.

Stateful firewalls: an incoming reply is allowed only if there is a matching outgoing connection.

——

Firewalls can be used even in a DMZ (demilitarized zone).

Inbound to the server: most likely application filtering and packet inspection.

Outbound: mostly stateful firewalls. There must be an outgoing leg for the incoming traffic to be allowed.

We can specify traffic by:

  1. IP address
  2. Port Address

Inbound and outbound firewalls work back to back to create a DMZ. 

Routers are network devices configured to forward network packets based on IP addresses.

Implement secure router configuration, such as passwords.

 

Switches are network devices that facilitate packet delivery based on MAC addresses. The first time, a switch delivers a packet to every port, but it learns the MAC address of each device and the port it is on, so in future it sends traffic only to that one port.

Hubs work in a similar way, but the disadvantage is that they operate purely at the electrical level. A hub sends to every port on the network even if the traffic is only for one individual port. With a lot of users this causes congestion.

Load balancers ensure the availability of resources, servers and data by balancing the load across the computers. Load balancers are placed between the clients and the servers.

Network address translation

We can use proxies to implement network address translation. Computers on the private network cannot directly communicate with the internet.

NAT lets us preserve IPv4 addresses by sharing public addresses.

-Caching

-Security

-Multiple IPs share 1 public address


Network Administration Principles

Rule-based management

Dictate the incoming and outgoing traffic using firewalls. Rules either allow or deny traffic.

Secure router management helps maintain the integrity of the routing tables. Malicious attacks could change the routing tables and redirect traffic.

Access control lists are lists generated within the servers and firewalls to determine which users and systems have access. We can dictate or limit access for the period a client is connected to the network.

Port security covers logical and physical security. Physical security locks down devices, e.g. a device locked within a cabinet. For logical security you can disable the physical ports themselves.

Implementing 802.1X, a port-based authentication standard, ensures that rogue devices do not connect to our network. This is done on the switches so that anyone connecting a device must authenticate.

Flood guards can be stand-alone devices or devices built into the firewall to keep the network safe.

Types of flood guards:

  • Ping flood
  • Syn flood 
  • All types of flood

Usually networks allow a ping to test for connectivity. Malicious people can flood a server with pings to overwhelm it.

A SYN flood is an attack that uses SYN packets.

When setting up routers and switches, if we accidentally create a loop, the spanning tree protocol can be implemented to prevent looping: it breaks any loops created as a result of configuration error.

We can also implement implicit deny: all traffic is denied unless it is explicitly allowed.

We must also do log analysis: event logs, successful, incident and failed logs.
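The rule-based management, stateful-firewall and implicit-deny ideas above, as an added example (not from the course notes): a first-match rule list that falls back to deny, and a connection table that admits inbound traffic only as the reply to a recorded outgoing leg. Rule fields, the LAN range and the remote address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form, e.g. "192.168.10.0/24"
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # destination port; None matches any port

def first_match(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """Evaluate rules top to bottom; first match wins, no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"

class StatefulFirewall:
    """Outbound traffic is rule-checked; inbound is only allowed as a reply."""

    def __init__(self, outbound_rules: List[Rule]):
        self.rules = outbound_rules
        # Connection table of allowed outgoing legs: (src, sport, dst, dport)
        self.table: Set[Tuple[str, int, str, int]] = set()

    def outbound(self, src: str, sport: int, dst: str, dport: int) -> str:
        verdict = first_match(self.rules, src, dst, dport)
        if verdict == "allow":
            self.table.add((src, sport, dst, dport))  # remember the outgoing leg
        return verdict

    def inbound(self, src: str, sport: int, dst: str, dport: int) -> str:
        # A reply is the mirror image of a recorded outgoing leg; anything else is denied
        return "allow" if (dst, dport, src, sport) in self.table else "deny"

# Constructed policy: the 192.168.10.0/24 LAN may only open HTTPS (443) outbound.
LAN_RULES = [
    Rule("allow", "192.168.10.0/24", "0.0.0.0/0", 443),
    Rule("deny", "192.168.10.0/24", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    fw = StatefulFirewall(LAN_RULES)
    print(fw.outbound("192.168.10.150", 51000, "203.0.113.5", 443))  # allow
    print(fw.inbound("203.0.113.5", 443, "192.168.10.150", 51000))   # allow: reply
    print(fw.inbound("203.0.113.5", 443, "192.168.10.150", 51001))   # deny: no outgoing leg
```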


Network Design Elements

It’s best for the web server to be separate from the internal network. Aka putting it in a DMZ.

Remote Access

Communications via a VPN ensure the confidentiality of traffic moving across the internet.

Authentication should be used so we can ensure the right people are connecting to the network.

Telephony

-Desk Phones

-VOIP

-Voice encryption

-War Dialling

With desk phones each user should have a specific secure code, so that someone on the inside has to punch in a code; this limits and monitors users' usage.

VOIP lowers phone bills.

Voice encryption ensures confidentiality. Encrypt voice packets so people can't eavesdrop on conversations.

War dialling: malicious people could load an organization's phone numbers and call each one to see which phones get picked up and which don't. Used to discover modems.

Network Access Control. Communication takes place via the domain controller. One way to do this is a health check server, which checks various settings on the user PC that is trying to connect. If the PC doesn't meet the baseline it is directed to a remediation server, which adjusts it so the PC can meet the baseline. Every PC gets checked by the health check server to ensure all are the same.

Virtualization. Multiple partitions with a different operating system installed on each. With virtualization you have the host PC, on which you install a hypervisor (where you can build one computer within another). The hypervisor shares the host's resources: processor, RAM and ports.

Layered security: BIOS configuration, physical padlock, door lock, CCTV, physical guards.

Proxies

Proxies are devices or servers that forward traffic between clients and servers on a network. They could be proxy servers or routers. 

Private addresses cannot be routed over the internet, so proxies are used to facilitate this.

Reverse proxies can protect web servers.

Service providers give 1 or 2 public IP addresses.

For multiple computers, use a proxy that holds the public addresses. The client computers then forward their packets through the proxy, using ports.

Systems on the internal network can only reach the internet through the proxy.

The proxy keeps a computer table. It flags each message from a computer so it knows which computer it's from, then sends the client's packet content to the internet under its own address.

With the inbound packet from the internet it recognizes the flag for the computer and relays the content to it.

Network address translation (NAT). Benefits of NAT:

  • Multiple computers on a network with private addresses can share one public address
  • Caching – if other computers make the same request, the proxy services it itself and does not need to go to the internet. It 'learns' the response.
  • Security – external clients can only see the proxy; they can't see internal addresses
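The computer table, flagging and caching described above, as an added example (not the notes' own material): a port-based NAT proxy that rewrites each outbound flow to its single public address, maps replies back by the flag (the public port), drops unsolicited inbound packets, and answers repeated requests from cache. The addresses and the `origin` callback are constructed for illustration.

```python
import itertools
from typing import Callable, Dict, Optional, Tuple

class NatProxy:
    """One public address shared by many private hosts, plus a response cache."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # The "computer table": (private_ip, private_port, remote_ip, remote_port) -> flag,
        # where the flag is the public source port the proxy uses for that flow.
        self.table: Dict[Tuple[str, int, str, int], int] = {}
        # Reverse lookup for inbound replies: (flag, remote_ip, remote_port) -> internal host
        self.reverse: Dict[Tuple[int, str, int], Tuple[str, int]] = {}
        self.cache: Dict[str, str] = {}  # request -> response learned earlier
        self.origin_fetches = 0          # how often we really went out to the internet

    def outbound(self, private_ip: str, private_port: int,
                 remote_ip: str, remote_port: int) -> Tuple[str, int]:
        """Return the (public_ip, flag port) the packet leaves with."""
        key = (private_ip, private_port, remote_ip, remote_port)
        if key not in self.table:                # new flow: allocate a flag
            flag = next(self._ports)
            self.table[key] = flag
            self.reverse[(flag, remote_ip, remote_port)] = (private_ip, private_port)
        return (self.public_ip, self.table[key])

    def inbound(self, remote_ip: str, remote_port: int,
                flag: int) -> Optional[Tuple[str, int]]:
        """Map a reply back to the internal host; unsolicited packets return None."""
        return self.reverse.get((flag, remote_ip, remote_port))

    def fetch(self, request: str, origin: Callable[[str], str]) -> str:
        """Serve repeated requests from cache instead of going to the internet."""
        if request not in self.cache:
            self.cache[request] = origin(request)
            self.origin_fetches += 1
        return self.cache[request]

if __name__ == "__main__":
    nat = NatProxy("198.51.100.1")                  # constructed public address
    print(nat.outbound("192.168.10.10", 5000, "203.0.113.5", 80))  # ('198.51.100.1', 40000)
    print(nat.outbound("192.168.10.11", 5000, "203.0.113.5", 80))  # ('198.51.100.1', 40001)
    print(nat.inbound("203.0.113.5", 80, 40001))    # ('192.168.10.11', 5000)
    print(nat.inbound("203.0.113.5", 80, 40002))    # None: nobody asked for this
```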

Reverse proxies

A PC user makes a request to a web server, with a hidden reverse proxy in between. If the client makes a legitimate request the proxy sends it on to the web server; if it is malicious it blocks the traffic.

The reverse proxy also inspects all outgoing traffic from the web server, allowing legitimate and denying malicious traffic.


Security Issues wireless part 2

Captive portals – an interface through a browser where users must provide specific account details to gain access

WPA – Depends on TKIP but is compromisable

WPA2 – Depends on CCMP. Strongest form of encryption


Subnet mask

The subnet mask tells us which part of the IP is the network part and which is the host part.

Classes of subnet masks:

A. 255.0.0.0

B. 255.255.0.0

C. 255.255.255.0

We can never have a mask like 255.0.255.255, because a 0 can never come before a 255.

The 255 constitutes the network portion of the address. The 0 constitutes the host ID.

E.g. 

IP 192.168.10.150

Question: What constitutes the network portion of the IP with subnet mask 255.255.255.0?

Answer: 192.168.10.0

Question: What is the host ID of this ip address?

Answer: 0.0.0.150

Subnetting

Subnetting is taking one IP address range and breaking it down into a group of several smaller ranges.

Each octet is a block of 8 bits, with bit values 1, 2, 4, 8, 16, 32, 64, 128.

The subnet mask tells us which part is the network address and which part is the host address. The host address is the 0s. Each 255 in the mask is 8 bits, so 255.255.255.0 is 24 bits.

8 bits in an octet.

Subnetting to 27 bits, you need to borrow 3 bits from the host address: break the host octet down into its 8 bits.

Then work out the number of subnets using the formula:

2^n where n = bits borrowed

so 2^3 = 8 subnets

The network ID given for this example is

192.168.1.0

What is the value of the last bit borrowed?

128/64/32/16/8/4/2/1

The value is 32, so the network ID increases by 32 each time.

Therefore:

192.168.1.0

192.168.1.32

192.168.1.64

192.168.1.96

etc. for all 8 subnets.

Now how many bits are left? 5.

Another formula: 2^n - 2 where n = bits left

This gives us 2^5 - 2 = 32 - 2 = 30, so 30 PCs per subnet.

To prove this, work out for each subnet: network ID, 1st valid, last valid and broadcast.

To get the first valid, add 1 to the last octet of the network ID.

To get the broadcast, subtract 1 from the next network ID down: skip the first ID and subtract 1 from the last octet of the second ID, and do this for each. For the last subnet, add 32 to its network ID and then subtract 1 from the last octet.

To get the last valid, subtract 1 from the last octet of the broadcast.

The difference between the first and last valid proves there can be 30 computers on the subnet.
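The subnet mask and subnetting sections above (network portion and host ID under a mask, why 255.0.255.255 is not a valid mask, and the borrow-3-bits procedure that yields 8 subnets of 30 hosts) carried through in code, as an added example rather than part of the notes. It uses only Python's standard `ipaddress` module for dotted-quad conversion; the arithmetic is done by hand so the steps in the notes are visible.

```python
import ipaddress

def _quad(n: int) -> str:
    """Integer to dotted quad, e.g. 3232235776 -> '192.168.1.0'."""
    return str(ipaddress.IPv4Address(n))

def is_valid_mask(mask: str) -> bool:
    """A mask is a run of 1 bits followed by 0 bits; 255.0.255.255 fails this."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF   # host bits as 0..01..1
    return inv & (inv + 1) == 0

def split_address(ip: str, mask: str):
    """Network portion (bits under the 255s) and host ID (bits under the 0s)."""
    ip_i = int(ipaddress.IPv4Address(ip))
    m_i = int(ipaddress.IPv4Address(mask))
    return _quad(ip_i & m_i), _quad(ip_i & ~m_i & 0xFFFFFFFF)

def subnet_plan(network: str, prefix: int, borrowed: int) -> dict:
    """Borrow host bits from a /prefix network and list every resulting subnet.

    Returns the subnet count (2^borrowed), hosts per subnet (2^left - 2), the
    block size (value of the last borrowed bit) and, for each subnet, a
    (network id, first valid, last valid, broadcast) tuple.
    """
    left = 32 - (prefix + borrowed)          # host bits remaining
    block = 2 ** left                        # increment between network ids
    base = int(ipaddress.IPv4Address(network))
    rows = []
    for i in range(2 ** borrowed):
        net = base + i * block
        bcast = net + block - 1              # next network id minus 1
        rows.append((_quad(net), _quad(net + 1), _quad(bcast - 1), _quad(bcast)))
    return {"prefix": prefix + borrowed, "subnets": 2 ** borrowed,
            "hosts_per_subnet": 2 ** left - 2, "block": block, "rows": rows}

if __name__ == "__main__":
    print(split_address("192.168.10.150", "255.255.255.0"))   # the /24 example
    print(is_valid_mask("255.0.255.255"))                      # False
    plan = subnet_plan("192.168.1.0", 24, 3)                   # the /27 example
    print(plan["subnets"], "subnets of", plan["hosts_per_subnet"], "hosts")
    for row in plan["rows"]:
        print(*row)
```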

TCP/IP protocol

Transmission Control Protocol.

It is a connection-oriented protocol: it establishes a logical connection with a three-way handshake, which negotiates and acknowledges how packets will be sent; at what size, frequency and speed.

It does proper sequencing so it can track which packets have been sent and know which need to be resent.

It also has a sliding window that lets TCP check that messages have arrived; if a message has not been acknowledged as received it will be resent. Aka guaranteed delivery.

TCP is the protocol of choice for reliable delivery.

The purpose of IP is logical addressing, so we know which IP the packets are coming from.

Two versions of the protocol: IPv4 and IPv6.

IPv4 is:

-32 bit address

-Expressed in decimals

-4 octets

-Each octet is 8 bits long

-Punctuated by periods

An IP has 3 types of classes:

Class A: 1-126

Class B: 128-191

Class C: 192-223

To find the class of the IP, we consider the value of the first octet of the IP address.

 

127 is reserved for loopback testing

VPN Concentrators

VPNs help with security. Packets are encrypted in a virtual tunnel to protect them from malicious attacks. Some PCs and printers cannot handle encrypted packets.

Therefore a VPN concentrator is needed to decrypt and encrypt the incoming and outgoing traffic of remote users.

Wireless Network Security Issues

1. Antenna placement – A good signal spread is needed so all devices on the network get good access. You must do a site survey, and limit physical access so people can't remove the antenna. You can test by temporarily mounting the antenna and moving it to find the best spot. Limit physical access to the routers and access points.

2. Change the SSID, admin ID and password of the wireless access point.

3. War driving is when people drive around in a vehicle with wireless equipment detecting wireless networks. With the SSID broadcasting they can find a network and decide to attack it. War chalking marks which networks are strong/weak/secure/unsecure.

4. Access control using the MAC addresses of connecting devices. We can limit access to the AP by MAC address – MAC filtering using the allow and deny list.

5. Encryption to ensure confidentiality and integrity of data being sent in and out.

   -WEP depends on RC4. RC4 was easily compromised because it depends on a limited set of keys; it started repeating keys and shows a pattern of key use.

   -WPA uses TKIP (Temporal Key Integrity Protocol)

   -WPA2 uses CCMP. Strongest form of encryption

6. To connect 2 buildings wirelessly, increase the power level controls to push the signal further (or decrease them to reduce the distance). This alters the signal spread.
