Introduction to Security (Introduction to Information Security)


Document information

An overview of information security, and whether or not studying information security is worthwhile.

Agenda

Day 1:
- Introduction to information security for enterprises
- Authentication security methods
- Securing Windows services: DHCP, DNS, Active Directory

Day 2:
- Encryption methods using symmetric keys and public keys
- Protecting Wi-Fi network access with 802.1X

Day 3:
- Protecting web applications with a Web Application Firewall
- Hands-on: protecting web applications

Day 4:
- Introduction to the Linux operating system
- Using the Linux/Unix operating system
- Advanced use of the Linux operating system
- Securing the Linux operating system
- Hands-on: installing and using OpenVAS
- Hands-on: installing and using Nessus

Day 5:
- Securing SSH access authentication with certificates
- Securing the file system
- Hands-on: configuring secure DNS resolution with BIND RPZ
- Hands-on: configuring secure web access with Squid Proxy
- Hands-on: configuring the iptables firewall

Introductions

HELLO! Name, nickname, job title, location
- Network experience
- Industry experience
- Specific areas or topics of interest
- F5 product experience

Introduction to Security

Objectives
• Describe the challenges of securing information
• Define information security and explain why it is important
• Identify the types of attackers that are common today
• List the basic steps of an attack
• Describe the five steps in a defense

Challenges of Securing Information
• There is no simple solution to securing information
• This can be seen through the different types of attacks that users face today, as well as the difficulties in defending against these attacks

Today's Security Attacks
• Typical warnings:
  • A malicious program was introduced at some point in the manufacturing process of a popular brand of digital photo frames
  • A new worm disables Microsoft Windows Automatic Updating and the Task Manager
  • Apple has issued an update to address 25 security flaws in its operating system OS X

Today's Security Attacks (continued)

Cyber Security Report 2017

Difficulties in Defending against Attacks
• Speed of attacks
• Greater sophistication of attacks
• Simplicity of attack tools
• Attackers can detect vulnerabilities more quickly and more readily exploit them
• Delays in patching hardware and software products
• Most attacks are now distributed attacks, instead of coming from only one source
• User confusion

Difficulties in Defending against Attacks (continued)

Components of an IDS
• Traffic collector: sometimes referred to as a sensor, the traffic collector captures activities and events for the IDS to examine. In a HIDS, this may be any kind of audit log or traffic log on that specific host. In a NIDS, the sensor acts as a sniffer, making copies of the network traffic off the network link. From this offsite copy, the IDS is able to inspect and monitor the data without causing performance issues across the network.
• Signature database: a collection of known patterns and definitions of malicious activity. An IDS/IPS should receive periodic updates to this database, as new attack patterns are identified regularly.
• Analysis engine: really the "brains of the whole operation", the analysis engine is the component responsible for examining the collected traffic and comparing it against the signature database to find malicious behaviour, if present.

NIDS/NIPS Methods

Inline vs Passive Sensors
• An inline sensor monitors data as it passes through the network devices. This allows real-time blocking of malicious and/or suspicious traffic. A downside of using an inline sensor, however, is that a failure of the sensor could result in all traffic being blocked. It is important to note that an inline sensor could be NIPS software that doesn't require additional hardware.
• A passive sensor, on the other hand, makes an offline copy of the traffic, which is then examined for suspicious behaviour or activity.

In-band vs Out-of-Band
• In-band systems decide whether or not to allow traffic and enact changes via an inline sensor. In-band systems have a security advantage, but definitely have some performance concerns, as they monitor and make decisions on traffic as it traverses the network. Typically, we'd see these installed on network segments that contain high-value systems, where we typically don't have high traffic volumes.
• Out-of-band systems rely on a set of passive sensors, but of course are reactionary in nature, as the traffic has already passed through the network components and on to the end host.

Security Tools

Protocol Analyzer
Protocol analyzers are the perfect tool for capturing network traffic in order to view traffic patterns. Not only do they gather this traffic, they present the information contained within the packets in plain English. They can be used on both wired and wireless networks. Protocol analyzers can be used to:
• View traffic patterns and determine which ports/protocols machines are communicating on
• Identify unknown or unverified traffic
• Verify that network tools (such as packet filtering tools) and security controls are being adhered to
Probably the most widely used protocol analyzer is Wireshark.

tcpdump
Sometimes we need to capture and analyze the network packets to a particular device. This can easily be accomplished with a command-line utility, tcpdump. tcpdump usually ships with most Linux distributions, but if not, it can easily be installed. WinDump is a tcpdump clone made specifically for Windows. tcpdump can be used to save this traffic in a log, which it writes in pcap form. Pcap files can then be analyzed later using tools such as Wireshark, or within tcpdump itself.

Vulnerability Scanners
As vulnerabilities are constantly being found, security professionals find themselves in a constant race to patch their systems before would-be attackers are able to exploit those vulnerabilities. A tool that helps us stay ahead of the bad guys is a vulnerability scanner. A vulnerability scanner is a program designed to probe a system for misconfigurations, old software versions, and other weaknesses.
• A network vulnerability scanner is used to perform a broad sweep for vulnerabilities on more than one host across the network.
• Host vulnerability scanners are designed to run on specific hosts to look for more specialized vulnerabilities in operating systems. Host vulnerability scanners can be used on a remote machine, but they are typically looking for vulnerabilities on the system they are running on.
• Application vulnerability scanners are used to look for vulnerabilities in applications or certain types of applications.

Exploitation Frameworks
Generally speaking, attackers want to exploit already known vulnerabilities, as most attackers don't have the necessary skills to find new vulnerabilities or to build new exploits. These vulnerabilities could exist in the operating system, in the browser, in applications running on the system, in device drivers, etc. Exploitation frameworks are the tools that attackers would use to find vulnerabilities in a system. Metasploit is the most common framework, designed to carry out the steps needed to exploit any known vulnerabilities that exist on a system. Security professionals can use these tools to determine their own systems' security posture, including existing vulnerabilities, and to test in-place security controls.

Traceroute
The traceroute command provides a list of the network devices (also known as hops) that traffic traverses as it is routed to the target remote host. Traceroute uses ICMP to build this trace of the packet route, so if ICMP is blocked on any device, traceroute will be unable to provide any information on that device. While the command is traceroute on Linux and macOS devices, on Windows machines the command is tracert.

Dig/nslookup
Dig and nslookup are commands used to query DNS servers to obtain domain names or their corresponding IP addresses for specific DNS records. Nslookup was the first tool written to query DNS records, but its output is very limited. Nslookup has been deprecated, but is still available. Dig, on the other hand, provides a much more robust answer after probing DNS, but does require deeper inspection, as its output must be read as a whole. While this information may seem like almost too much, users should understand that dig answers are much easier for scripts to parse.

nmap
This tool is very useful, as we can use it to find and learn about the devices on our network:
• Find devices
• Identify open ports
• Detect operating systems (OS), running services and installed software (as well as versions)
Available for Linux and Windows systems.

Summary
• Attacks against information security have grown exponentially in recent years
• There are several reasons why it is difficult to defend against today's attacks
• Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information, through products, people, and procedures

Summary (continued)
• The main goals of information security are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism
• The types of people behind computer attacks are generally divided into several categories
• There are five general steps that make up an attack: probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices

Review questions
1. Which of the following devices is the most capable of providing infrastructure security?
   A. Hub  B. Switch  C. Router  D. Modem
2. Which protocol is primarily used for network maintenance and destination information?
   A. ICMP  B. SMTP  C. IGMP  D. Router
3. Which of the following are multiport devices that improve network efficiency?
   A. Switches  B. Modems  C. Gateways  D. Concentrators
4. Which service(s) by default use TCP and UDP port 22?
   A. SMTP  B. SSH  C. SCP  D. IMAP
...

Attackers (preview fragments only)
... risk-averse, better funded, and more tenacious than hackers
• Many security experts believe that cybercriminals belong to organized gangs of young and mostly Eastern European attackers
• Cybercriminals ...
... cybercriminals, and cyberterrorists

Script Kiddies
• Script kiddies
• Want to break into computers to create damage
• Unskilled users
• Download automated hacking software (scripts) from Web sites and use ...
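The three IDS components described above (traffic collector, signature database, analysis engine), as an added Python example that is not part of the original slides. The signature entries, the sshd audit lines and the network sensor line are constructed for the example, and the per-source threshold counting is an assumption beyond what the slide describes.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Signature:
    sid: int
    name: str
    pattern: str        # regex applied to the normalised event text
    threshold: int = 1  # matches from one source needed before an alert is raised
    severity: str = "medium"

SIGNATURE_DB = [  # signature database: constructed for this example, not a vendor ruleset
    Signature(1001, "SSH password brute-force", r"sshd\[\d+\]: Failed password .* from \S+",
              threshold=3, severity="high"),
    Signature(1002, "Task Manager disabled via registry", r"DisableTaskMgr\b.*=\s*1", severity="high"),
    Signature(1003, "Plaintext telnet to server segment", r"proto=tcp .*dport=23\b", severity="low"),
]

def collect_events(raw):
    """Traffic collector: turn HIDS log lines or NIDS sensor lines into (source, text) events."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if line:
            m = re.search(r"(?:from |src=)(\d+\.\d+\.\d+\.\d+)", line)
            events.append((m.group(1) if m else "unknown", line))
    return events

def analyze(events, signatures=SIGNATURE_DB):
    """Analysis engine: compare every event with every signature, counting hits per (signature, source)."""
    hits = defaultdict(int)
    alerts = []
    for src, text in events:
        for sig in signatures:
            if re.search(sig.pattern, text):
                hits[sig.sid, src] += 1
                if hits[sig.sid, src] == sig.threshold:  # alert once, when the threshold is reached
                    alerts.append({"sid": sig.sid, "name": sig.name, "src": src, "severity": sig.severity})
    return alerts

# Constructed sample input: five sshd audit lines from a host sensor and one flow record from a network sensor.
SAMPLE_INPUT = """
Jan 10 10:00:01 host1 sshd[4321]: Failed password for root from 203.0.113.9 port 51000 ssh2
Jan 10 10:00:02 host1 sshd[4322]: Failed password for root from 203.0.113.9 port 51001 ssh2
Jan 10 10:00:03 host1 sshd[4323]: Failed password for admin from 203.0.113.9 port 51002 ssh2
Jan 10 10:00:04 host1 sshd[4324]: Failed password for root from 198.51.100.4 port 40000 ssh2
Jan 10 10:00:05 host1 sshd[4325]: Accepted password for alice from 10.0.0.7 port 40001 ssh2
sensor1 src=10.0.0.8 dst=10.0.0.20 proto=tcp sport=50000 dport=23 flags=S
"""
```

Running `analyze(collect_events(SAMPLE_INPUT))` raises two alerts: signature 1001 for 203.0.113.9 on its third failed login, and signature 1003 for the telnet flow; the single failure from 198.51.100.4 stays below the threshold.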
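The pcap logging described under tcpdump above, as an added Python example that is not part of the original slides: a small parser that reads a pcap byte string (a constructed capture embedded inline rather than a file written by tcpdump -w) and produces the "which ports and protocols are machines talking on" summary a protocol analyzer gives. The helper names and the sample addresses are assumptions made for the example.

```python
import struct
from collections import Counter

def eth_ipv4(proto, src, dst, payload):
    """Minimal Ethernet + IPv4 frame (IP checksum left at zero; not needed for parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + payload

def tcp_syn(sport, dport):  # 20-byte TCP header with only the SYN flag set
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def udp(sport, dport):  # 8-byte UDP header with an empty payload
    return struct.pack("!HHHH", sport, dport, 8, 0)

def build_pcap(frames):
    """Little-endian pcap: 24-byte global header (link type 1 = Ethernet) + one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (src, dst, proto, sport, dport) for every IPv4 TCP/UDP frame in a pcap byte string."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # pcap records use the writer's byte order
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":  # not IPv4 (e.g. ARP): skip
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        if proto in (6, 17):  # TCP or UDP: ports are the first four bytes after the IP header
            sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
            yield src, dst, {6: "tcp", 17: "udp"}[proto], sport, dport

def port_summary(data):
    """Count flows per (protocol, destination port): the traffic-pattern view an analyzer gives."""
    return Counter((proto, dport) for _, _, proto, _, dport in parse_pcap(data))

SAMPLE_PCAP = build_pcap([  # constructed capture, not a real tcpdump -w file
    eth_ipv4(6, "10.0.0.5", "10.0.0.1", tcp_syn(51000, 22)),   # SSH
    eth_ipv4(6, "10.0.0.6", "10.0.0.1", tcp_syn(51001, 22)),   # SSH
    eth_ipv4(17, "10.0.0.5", "10.0.0.53", udp(40000, 53)),    # DNS query
])
```

`port_summary(SAMPLE_PCAP)` yields two TCP flows to port 22 and one UDP flow to port 53; the same parser reads a real capture written by tcpdump -w as long as it was taken on an Ethernet link.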

Posted: 29/01/2020, 21:39


Table of contents

  • Agenda

  • Introductions

  • PowerPoint Presentation

  • Objectives

  • Challenges of Securing Information

  • Today’s Security Attacks

  • Today’s Security Attacks (continued)

  • Cyber Security Report 2017

  • Difficulties in Defending against Attacks

  • Difficulties in Defending against Attacks (continued)

  • Slide 11

  • Slide 12

  • What Is Information Security?

  • Defining Information Security

  • Defining Information Security (continued)

  • Slide 16

  • Slide 17

  • Information Security Terminology

  • Information Security Terminology (continued)

  • Slide 20
