1-Man IT Department

The Journey of One Man Helping Others with Technology

Posted
26 September 2007 @ 10pm

Tagged
Administration, Certification, InfoSec, Linux, Security, SysAdmin, Windows

Security Bootcamp - Day 3

Well, what can I say about today. At the end of it, we will be halfway through our course books. Today was a lot of fun for me. We talked about a lot of stuff that I did not know anything about. So let’s just jump into it.

Day 3 - Internet Security Technologies

We started off today by talking about attacks, specifically the attack that Kevin Mitnick used against Tsutomu Shimomura’s home network during Christmas 1994. Mitnick was able to gain root-level access to a system on Shimomura’s network in an effort to grab some schematics that Mitnick thought Shimomura had on his network. The attack was a good lesson in how hackers can use the simplest tools to take control of machines and even whole networks. Then we analyzed what could have been some defensive measures for Shimomura to use. We talked about patching systems, disabling unused services, using host-based intrusion detection (HIDS) and network-based intrusion detection (NIDS) [even though I don't think that there was any such thing in 1994 like that], use of a network vulnerability scanner, or use of a firewall. Any one of these could have probably protected Shimomura’s network from Kevin Mitnick. We then discussed a number of other common types of attacks including malicious code [in worms, malware, spyware, or trojans], denials of service, physical attacks, buffer overflows, flooding, spam, rootkits and brute force attacks. It was eye opening to look at all of these different types of attacks at one time. I had heard of all of them before, but I never realized how susceptible our systems are until today.

Our next module covered firewalls and honeypots. We all know what firewalls do and how they work, but I was not very familiar with honeypots. I had heard the term, and knew it was a kind of target for hackers to hit, but that was about it. We talked a WHOLE LOT about honeypots and their purpose in your Security Plan. I don’t think that a honeypot is something that I will have the need to use in my current gig, but it is nice to understand a little bit more about them.

Another topic that held much interest for me was up next: vulnerability scanning. We talked a lot about the different tools that are available for scanning your network. We preceded the tools discussion with a good discussion of threat types and vectors, different concerns and some ways that firewalls get subverted. Our tools discussion started with network mapping tools like Legion, Queso, Nmap and HPing. We moved on to a discussion of network, and more specifically, port scanning. We talked about the dangers of scanning to your network with tools like Nmap. We then talked about one of the big guns in vulnerability scanning: Nessus. We got to play around with it in our lab sessions and I am looking forward to even more time with it on my home network. We hit a little on wireless scanning after all of that and talked about some of the tools for wifi scanning: Network Stumbler and Kismet. Then a brief discussion about war driving/dialing ended our vulnerability scanning discussion.

Our next module dealt with intrusion detection systems (IDS), and their tools. We talked a lot about what IDS can and cannot do for your network. This is another part of security that I am not using currently, or know very much about. Then we looked at one of the big dogs on the IDS block: Snort. We looked at some Snort output and some Snort rules and their flexibility. We moved from the network to the host with talks of host-based intrusion detection systems (HIDS). We looked at the differences between NIDS and HIDS and how each is a necessity on your network. Then we looked at some of the tools that are used: Tripwire, xinetd, Syslog and Port Sentry.
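To make the HIDS side of that module concrete, here is an added Python example (not code from the post, from the course, or from Tripwire itself) of what a Tripwire-style file integrity checker does: it hashes every file under a directory into a baseline, protects that baseline with an HMAC so a tampered database is rejected instead of trusted, and reports files that were added, removed or modified since the baseline was taken. The directory layout, file contents and key in `demo()` are constructed for the example; the key is assumed to live somewhere the monitored host cannot rewrite.

```python
"""Tripwire-style host integrity check: hashed baseline, signed database, diff report.
Added example; the files, key and directory names below are constructed."""
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file (relative to root) to its hash, size and permission bits."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            entries[os.path.relpath(full, root)] = {
                "sha256": hash_file(full),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return entries


def sign_baseline(entries, key):
    """Serialise the baseline deterministically and attach an HMAC tag.
    Without this, an intruder who edits the database can hide their changes."""
    payload = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


def baseline_is_trusted(payload, tag, key):
    """Constant-time check that the stored baseline still matches its tag."""
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def verify_baseline(payload, tag, key):
    """Return the baseline dict only if its signature verifies."""
    if not baseline_is_trusted(payload, tag, key):
        raise ValueError("baseline signature mismatch; refusing to use it")
    return json.loads(payload)


def compare(baseline, current):
    """Report added, removed and modified paths between two baselines."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: take a baseline, then simulate the kinds of changes a
    HIDS is meant to catch (a replaced binary, a new hidden file, a deleted log)."""
    key = b"example-key-stored-off-host"  # assumption: kept on read-only media
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "log"))
        with open(os.path.join(root, "bin", "login"), "wb") as f:
            f.write(b"original login binary")
        with open(os.path.join(root, "log", "auth.log"), "wb") as f:
            f.write(b"ok\n")
        payload, tag = sign_baseline(build_baseline(root), key)

        # Later: the system has been changed under us.
        with open(os.path.join(root, "bin", "login"), "wb") as f:
            f.write(b"replaced login binary")
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"x")
        os.remove(os.path.join(root, "log", "auth.log"))

        trusted = verify_baseline(payload, tag, key)
        return compare(trusted, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Real Tripwire also records inode, owner and timestamps and lets you pick per-directory policies (a log directory is expected to grow, `/bin` is not); the hash-and-diff loop above is the core of it, and the signed database is the part people most often skip.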

Straight away from the detection discussion, we moved to the intrusion prevention systems (IPS). This discussion was very closely related to the IDS discussion. We talked about what it can do, and what it cannot do, and how a lot of vendors who have a good piece of security software are starting to add IDS to their arsenal. So there are good firewalls (like CheckPoint Firewall or the new Cisco ASA) and add an IPS. There are good anti-virus (Norton Antivirus) and add an IPS.

Our last topic for discussion today was about IT risk management. This is really for us IT folks to be able to make reports for our executives. Apparently, execs like pie charts (so we were told by Matt Pierce, our instructor). This also led to a discussion of best practices and how to standardize your installs to mitigate risk management. Then we finished the day with threat assessment and analysis and how to write reports to management.

It was another great day of training for me. We got to play with Nessus, Nmap, and HPing in our bootcamp sessions. I learned a lot about some technologies that I was not very familiar with at the beginning of the day.

Tomorrow: Secure Communications + a BONUS: An FBI Agent will come in and talk about cyber crime and security. I am REALLY looking forward to that.



1 Comment

Posted by
Scott Wright
5 October 2007 @ 8am

Thanks for the notes, Michael. It is interesting to hear the views of people as they take courses. I wish more people did this.

As a fairly seasoned security professional, review is always good. It’s especially good to see what content is being covered (and how well) in bootcamps and courses. We often feel like these courses would be a waste of our time. But if we see topics and discussions we aren’t familiar with it gives us a bit of a reality check.

