Chapter 1 - Overview. After studying this chapter you will be able to: Understand network security, understand security threat trends, understand the goals of network security, determine the factors involved in a secure network strategy, security certification.
Security + Certification About The Certification Security_Certification • Has some Obsolete Links • CC:Http://www.commoncriteria.org • The International CC Project has discontinued the www.commoncriteria.org Information/Knowledge Management Portal • NIST:http://www.csrc.nist.gov/publications computer security resource Center • RFC:http://www.icann.rfceditor.org ATHENA The Security+ Certification Program ATHENA The Security+ Certification is a testing program sponsored by the Computing Technology Industry Association(CompTIA) that certifies the knowledge of the networking technicians who have accumulated 24 months of experience in the information technology(IT) industry Http://www.comptia.org/certification Course Introduction ATHENA Chapter 1- Overview Chapter 2- Authentication Chapter 3- Attacks Chapter 4- Remote Access Chapter 5- Wireless Chapter 6- Email and Web Security Chapter 7- Devices and Media Chapter 8- Network Topology and IDS Chapter 9- System Hardening Course Introduction ATHENA Chapter 10- Basic of Security Chapter 11- Public key infrastructure Chapter 12 - Incident Response Chapter 13 - Policies and Disaster Recovery Learning Objectives ATHENA Understand network security Understand security threat trends Understand the goals of network security Determine the factors involved in a secure network strategy Security Certification Information Security ATHENA Information Security “Information Security is a PROCESS , not TOOLS” ATHENA Understanding Network Security Network security (Information Security) • Tasks of guarding digital information, which is typically processed by a computer (such as a personal computer), stored on a magnetic or optical storage device (such as a hard drive or DVD), and transmitted over a network spacing • Process by which digital information assets are protected ATHENA Understanding Network Security Security ensures that users: • Perform only tasks they are authorized to • Obtain only information they are authorized to have • Cannot cause damage to data, applications, or operating environment ATHENA Security threat trends ATHENA A vulnerability is a weakness in a system, such as mis-configured hardware or software, poor design, user carelessness, etc A threat is an unauthorized access to a network Security Terminology ATHENA Goals of Information Security Confidentiality • Protection of data from unauthorized disclosure to a third party Integrity • Assurance that data is not altered or destroyed in an unauthorized manner Availability • Continuous operation of computing systems ATHENA Causes of network security vulnerabilities Technology weaknesses Configuration weaknesses Policy weaknesses Human error ATHENA Creating a Secure Network Strategy ATHENA Human factors Know your weaknesses Limit access to resources – use “Principle of Least Privilege” Remember physical security Use the concept of “Defense in Depth” Creating a Secure Network Strategy ATHENA Firewalls Web and file servers – harden and test configuration of mission-critical machines Access control Change management Encryption Intrusion detection system (IDS) Security Certification CompTIA Security+ • • SCP (SCNA + SCNP) • • exams (499 USD) CCSP Cisco Certified Security Professional • • • • • ATHENA exams (2*150 USD, 2*180 USD) Distributing and detail information CISSP (Certified Information Systems Security Professional • exam (225 USD) General information Securing Cisco IOS® Networks Cisco Secure PIX Firewall Advanced Cisco Secure Intrusion Detection System Cisco Secure Virtual Networks Cisco Secure SAFE Implementation Summary ATHENA Understanding network security Security threats Goals of network security Creating a secure network strategy Security Certification ... Introduction ATHENA Chapter 1- Overview Chapter 2- Authentication Chapter 3- Attacks Chapter 4- Remote Access Chapter 5- Wireless Chapter 6- Email and Web Security Chapter 7- Devices... Media Chapter 8- Network Topology and IDS Chapter 9- System Hardening Course Introduction ATHENA Chapter 10 - Basic of Security Chapter 11 - Public key infrastructure Chapter 12 - Incident... computer security resource Center • RFC:http://www.icann.rfceditor.org ATHENA The Security+ Certification Program ATHENA The Security+ Certification is a testing program sponsored by the Computing