You can’t protect your networks unless you understand the threats to your network. Using the concept of security shells makes it easier to categorize and mitigate threats.
are under attack today. It's rare to find anybody anymore who doesn't hear terms like malware for example and worry about what do we do to protect our computers and our network. Now, we need to be careful here because the CompTIA A+ has a lot of questions about security. But they're going to be concentrating

So, let's go ahead and take a moment and let's get zen-like about how do we look at our security environment. To do that, we need to draw some circles. Here is an individual system. This could be my system at home. This could be my office computer. This could be my smartphone. I don't care what it is, but from a security standpoint, the first thing we do is we think about putting a nice little circle, a little shell around this thing, of protection. So we're going to call this host-based security. And this is a big part of the A+. But the A+ takes it a little bit further than that. In particular, we're going to draw another circle. And now this circle is going to be our network. So this will be our router, if we've got any switches. This is going to be other computers, which will also have their own circle around them, but when we look at the entire network as an entity, we draw one big circle around everybody. Now, we can even take this a step further and draw one more circle. Now, this circle is what we're going to call physical security. So, when I say physical security, I'm talking about locks on doors. I'm talking about security guards. I'm talking about things that keep people from physically getting to this network or individual hosts. Thinking about our IT infrastructure, there you go, Mr. Security Person, in terms of shells like this makes it easier for us to organize defenses against threats.

So let's go ahead and start talking about threats right now. The first threat I want to talk about is called man-in-the-middle. Now, when I say man-in-the-middle, we're talking about something that is between me as a sender and someone else as a receiver.
Someone who stands between me as a server and a client. It doesn't mean just one type of attack. Emails have man-in-the-middle, wireless has man-in-the-middle. They all have these types of attacks. Let's talk about this for a sec. Here's a server serving something. It might be an email server. It might be a web server. It could be anything. In fact, it might even be a wireless access point just serving up internet access to people using 802.11. The bottom line is that any time I can get in between. Here's Evil Mike. Let me draw a mustache and a beard on him. Hey, wait a minute, already got a mustache and a beard. Okay, so any time I as Evil Mike can intercept the conversation that's going on between servers and clients, I'm acting as a man-in-the-middle. Keep in mind, man-in-the-middle can be done for all kinds of things. Email, wireless, web pages, all kinds of stuff. The main fix we do to get around this is through encryption. So we tend to do whatever we need to do to encrypt this connection between the two so that that guy, while he could probably always read this data, we make it in a format that they can't read it.

The next topic I want to cover is the concept of spoofing. Hey, wait a minute, get off my stage. You're not Mike Meyers. That's actually a pretty good example. To spoof simply means to take on the look and feel of some other entity. Spoofing takes place with email. Spoofing can take place in any type of client server situation. And spoofing can often be a big challenge. We get around spoofing more often than not by creating certain types of connections that verify that the person I'm actually connecting to is the person that I intend to be speaking with. For example, in webpages, we use certificates, or another type of error, depending on what's going to happen, basically saying that the server is too busy. Denial of service is easily the number one biggest problem we have on the internet today.
Now, if you want to make it worse, and why not, we're going to create what's called a distributed denial of service. Let me show you how that works. In a distributed denial of service, what we do is we install some form of malware onto hundreds, thousands, tens of thousands, maybe even hundreds of thousands of computers. These types of malware are usually distributed through emails or something like that to try to get lots of people on here. These computers are now known as zombies. And there are some very distinct signs to let you know if you have a zombified client. And then what will happen is that there'll be some server system that is in control of all of these zombies. And these computers will run potentially for months, even years, until suddenly a signal is sent. And this signal sends to all of these devices, and literally brings down the server from millions of malformed requests. Now the A+ is not expecting you to become a great protector of networks and suddenly come up with methodologies to prevent distributed denial of service attacks. In fact, good luck with that. We're fighting that every day at a very, very high level. However, we will expect you to recognize problems that you might run into.

Oh, by the way, CompTIA uses one other term I want to mention. And that term is called zero day. Zero day basically means a new type of threat, a new type of man-in-the-middle attack, a new type of denial of service attack, whatever it might be, that no one's seen before. Zero day threats are a problem because the powers that are out there to prevent this stuff count on heuristics, how's that for a word, to be able to recognize these different types of problems. And if they haven't seen it before, a lot of times, a particular threat can get through and wreak havoc until the elders of the internet get around to making patches and anti-malware and all types of other tools to stop it. So, zero day is a bad thing.
Okay, again, CompTIA's not expecting you to become the great person who's going to be stopping denial of service attacks. However, it does expect you to recognize problems that will show that you are being victimized by these types of attacks on individual systems. There are a few to look out for in particular. Number one, watch out for things like renamed system files. It is extremely common, particularly a classic what we call a hacker, where someone's actually penetrated into your system and has access using root or something like that to start doing naughty things. So, renamed system files is a big problem. To suddenly find yourself denied of things that you would normally want to do and trying to click on your desktop and suddenly you can't get to stuff, that's a bad sign. Files that magically disappear. This is also something that's going to point to somebody doing something naughty on your system. In particular, this will also mean file permission changes. A folder that you've always had full control on and suddenly you don't even have read access to, these are all red flags.

These types of errors tend to show up in different types of logs. So, what I'm going to do is show you just a couple of examples of stuff you might see. So, here is an example of email problems. And this is very common where we're seeing particularly types of emails that are just trying to do strange things that we're uncomfortable with. The other problem that we run into is people who are trying to come into our network who are unauthorized. So let me show you another type of log. Now on this log, if you look closely, you'll see that people are trying to SSH into my network. So luckily my firewall is blocking this, but it's also reporting to me and letting me know that there are problems out there. The bottom line is that when it comes to these types of threats, we've got a whole other episode where we're going to talk about how to deal with it.
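The firewall log just described, where blocked SSH attempts show up alongside normal traffic, is the kind of thing you can check with a few lines of code. The example below is added here and is not from the video or its author: it parses a constructed iptables-style log (the format, hostnames and documentation-range addresses are assumptions) and flags any source that racks up repeated blocked SSH attempts inside a short time window, which is the "someone is knocking on my door" symptom the episode points at.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the video): iptables-style lines with
# blocked inbound SSH attempts (DPT=22) mixed with unrelated traffic.
SAMPLE_LOG = """\
Mar 10 02:14:01 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 02:14:03 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 02:14:04 gw kernel: ACCEPT IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 10 02:14:06 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 02:14:09 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 02:14:12 gw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 10 02:20:30 gw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
"""

# Assumed line layout: syslog timestamp, host, "kernel:", verdict, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<action>\w+) "
    r".*?SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)"
)

def parse_lines(text):
    """Parse matching log lines into dicts; lines in another format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            # syslog timestamps carry no year; the 1900 default is fine for measuring gaps
            ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
            events.append(ev)
    return events

def ssh_bruteforce_sources(text, threshold=5, window_seconds=60):
    """Return {src: burst_size} for sources whose blocked SSH attempts reach
    threshold inside any sliding window of window_seconds."""
    by_src = defaultdict(list)
    for ev in parse_lines(text):
        if ev["action"] == "DROP" and ev["proto"] == "TCP" and ev["dport"] == "22":
            by_src[ev["src"]].append(ev["ts"])
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop attempts older than the window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged
```

A single blocked attempt from one address is background noise on any internet-facing host; the burst count is what separates noise from a real symptom, and the threshold and window are knobs to tune for your own logs.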
On this particular episode, it's important that you recognize philosophically the types of threats that are out there, and also some of the symptoms that let you know you're under attack.