Web Security Associate

Copyright © 2010 Certification Partners, LLC -- All Rights Reserved

Lesson 1: What Is Security?

Lesson 1 Objectives

• 1.1.1: Define security

• 1.1.2: Identify the importance of network security

• 1.1.3: Identify potential risk factors for data security, including improper authentication

• 1.1.4: Identify security-related organizations, warning services and certifications

• 1.1.5: Identify key resources that need specialized security measures

• 1.1.6: Identify the general types of security threat/attacker

• 1.2.6: Select security equipment and software based on ease of use

Network Security Background

• Internet-related security threats:

– Security problems with browsers

– Attacks by hackers

– Threats from viruses

– Internet inherently insecure

What Is Security?

• Local area networks (LANs)

• Wide area networks (WANs)

• Virtual private networks (VPNs)

• Network perimeters

• Illicit servers

• Trojans

Hacker Statistics

• Reported incidents have risen steadily:

– From 252 in 1990

– To 9,859 in 1999

– To 137,529 in 2003

• Total vulnerabilities cataloged have also risen steadily:

– From 417 in 1999

– To 3,784 in 2003

– To 7,236 in 2007

• Losses due to security breaches are estimated at $67.2 billion (2005)

The Myth of 100-Percent Security

• Balance in security

• Security policies

Attributes of an Effective Security Matrix

• Allows access control

• Easy to use

• Appropriate cost of ownership

• Flexible and scalable

• Superior alarming and reporting

What You Are Trying to Protect

• End-user resources

• Network resources

• Server resources

• Information-storage resources

Who Is the Threat?

• Casual attackers

• Determined attackers

• Spies and industrial espionage

• End users

Security Standards

• Security Services (ISO 7498-2)

– Authentication

– Access control

– Data confidentiality

– Data integrity

– Non-repudiation

• Security mechanisms

• Other government and industry standards in addition to ISO 7498-2

Lesson 1 Summary

• 1.1.1: Define security

• 1.1.2: Identify the importance of network security

• 1.1.3: Identify potential risk factors for data security, including improper authentication

• 1.1.4: Identify security-related organizations, warning services and certifications

• 1.1.5: Identify key resources that need specialized security measures

• 1.1.6: Identify the general types of security threat/attacker

• 1.2.6: Select security equipment and software based on ease of use

Lesson 2: Elements of Security

Lesson 2 Objectives

• 1.1.7: Identify ways in which increased security mechanisms can result in increased latency

• 1.1.8: Define the significance of a security policy

• 1.1.9: Identify and develop basic components of an effective security policy

• 1.1.10: Identify the key user authentication methods

• 1.1.11: Define the significance of access control methods

• 1.1.12: Define the functions of access control lists (ACLs) and execution control lists (ECLs)

• 1.2.1: Identify the three main encryption methods used in internetworking

• 1.2.5: Identify the importance of auditing

• 1.2.6: Select security equipment and software based on ease of use

• 1.2.7: Identify security factors related to transmission of unencrypted data across the network

• 1.2.9: Identify the significance of encryption in enterprise networks

Security Elements and Mechanisms

Elements of effective security (diagram):

• Audit

• Administration

• Encryption

• Access control

• User authentication

• Corporate security policy

The Security Policy

• Classify systems

• Prioritize resources

• Assign risk factors

• Define acceptable and unacceptable activities

• Define security measures to apply to resources

• Define education standards for employees

• Determine who is responsible for administering the policies

Determining Backups

• To recover data lost due to an attack:

– Enable a backup device

– Enable a backup service

Encryption

• Encryption categories

– Symmetric

– Asymmetric

– Hash

• Encryption services

– Data confidentiality

– Data integrity

– Authentication

– Non-repudiation

• Encryption strength

Authentication

• Authentication methods

– What you know

– What you have

– Who you are

– Where you are

Specific Authentication Techniques

• Kerberos

• One-time passwords (OTP)

Access Control

• Access Control List (ACL)

– Objects

– Common permissions

• Execution Control List (ECL)

– Sandboxing

Auditing

• Passive auditing

• Active auditing

Security Tradeoffs and Drawbacks

• Increased complexity

• Slower system response time

• Consider:

– Ease of installation

– An intuitive interface

– Effective customer support

Lesson 2 Summary

• 1.1.7: Identify ways in which increased security mechanisms can result in increased latency

• 1.1.8: Define the significance of a security policy

• 1.1.9: Identify and develop basic components of an effective security policy

• 1.1.10: Identify the key user authentication methods

• 1.1.11: Define the significance of access control methods

• 1.1.12: Define the functions of access control lists (ACLs) and execution control lists (ECLs)

• 1.2.1: Identify the three main encryption methods used in internetworking

• 1.2.5: Identify the importance of auditing

• 1.2.6: Select security equipment and software based on ease of use

• 1.2.7: Identify security factors related to transmission of unencrypted data across the network

• 1.2.9: Identify the significance of encryption in enterprise networks

Lesson 3: Applied Encryption

Lesson 3 Objectives

• 1.2.2: Define symmetric (private-key) encryption

• 1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

• 1.2.4: Define one-way (hash) encryption

• 1.2.8: Identify the function of parallel processing in relation to cryptography

• 1.2.10: Identify the impact of encryption protocols and procedures on system performance

• 1.2.11: Create a trust relationship using public-key cryptography

• 1.2.12: Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES)

• 1.4.1: Deploy Pretty Good Privacy (PGP) / GNU Privacy Guard (GPG) in Windows and Linux/UNIX systems

Reasons to Use Encryption

• Make data confidential

• Help authenticate users

• Ensure data integrity

Creating Trust Relationships

• Manually

• Automatically

• Rounds and parallelization

Symmetric-Key Encryption

• One key is used to encrypt and decrypt messages

• Benefits and drawbacks of symmetric-key encryption

Symmetric-Key Algorithms

• Data Encryption Standard (DES)

• Triple DES

• Symmetric algorithms created by RSA Security Corporation

• International Data Encryption Algorithm (IDEA)

• Blowfish

• Twofish

• Skipjack

• MARS

• Rijndael

• Serpent

• Advanced Encryption Standard (AES)

Asymmetric-Key Encryption

• Benefits and drawbacks of asymmetric-key encryption

• How do browsers use public-key encryption?

• Asymmetric-key encryption elements

– RSA

– DSA

– Diffie-Hellman

One-Way (Hash) Encryption

• Signing data

• Hash algorithms

– MD2, MD4 and MD5

– Secure hash algorithm

– MD5sum utility (Linux)

Applied Encryption Processes

• E-mail

– PGP and GPG

– Secure MIME

– Proprietary asymmetric encryption

• Encrypting drives

– Secure Sockets Layer (SSL) and Secure HTTP

– Transport Layer Security / Secure Sockets Layer (TLS/SSL)

Encryption Review

• Encryption

• Authentication

• Key

• Symmetric-key (private-key) encryption

• Asymmetric-key (public-key) encryption

• Message integrity by hash mark and signature

Lesson 3 Summary

• 1.2.2: Define symmetric (private-key) encryption

• 1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

• 1.2.4: Define one-way (hash) encryption

• 1.2.8: Identify the function of parallel processing in relation to cryptography

• 1.2.10: Identify the impact of encryption protocols and procedures on system performance

• 1.2.11: Create a trust relationship using public-key cryptography

• 1.2.12: Identify specific forms of symmetric, asymmetric and hash encryption, including Advanced Encryption Standard (AES)

• 1.4.1: Deploy Pretty Good Privacy (PGP) / GNU Privacy Guard (GPG) in Windows and Linux/UNIX systems

Lesson 4: Types of Attacks

Lesson 4 Objectives

• 1.2.5: Identify the importance of auditing

• 1.4.3: Identify specific types of security attacks

• 1.4.4: Identify a brute-force attack

• 1.4.5: Identify a dictionary attack

• 1.4.6: Identify routing issues and security

• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

• 1.4.8: Recognize attack incidents

• 1.4.9: Distinguish between illicit servers and trojans

Network Attack Categories

• Brute force

• Dictionary

• System bugs

• Back doors

• Malware

• Social engineering

• Denial of service (DOS)

• Distributed denial of service (DDOS)

• Spoofing

• Scanning

• Man in the middle

• Bots and botnets

• SQL injection

Brute-Force and Dictionary Attacks

• Brute-force attack

– Repeated access attempts

• Dictionary attack

– Customized version of brute-force attack

System Bugs and Back Doors

• Bug

– Unintentional flaw in a program

• Back door

– Deliberately placed opening in an operating system

• Buffer overflow

Malware (Malicious Software)

• Viruses

• Worms

• Trojans and root kits

• Illicit servers

• Logic bombs

• Zero-day attacks

• Managing viruses, worms and illicit programs

• Avoiding viruses, worms and trojans

Social Engineering Attacks

• Call and ask for password

• Fake e-mail

• Phishing

• Pharming

• Securing desktops

Denial-of-Service (DOS) Attacks

• Flooding

• Malformed packets

– Teardrop/Teardrop2

– Ping of Death

– Land attack

– Miscellaneous attacks

• Physical denial-of-service attacks

Distributed Denial-of-Service (DDOS) Attacks

• Components:

– Controlling application

– Illicit service

– Zombie

– Target

• Smurf and Fraggle attacks

• Ways to diagnose DOS and DDOS attacks

• Mitigating vulnerability and risk

• Unintentional DOS

Spoofing Attacks

• IP spoofing

• ARP spoofing

• DNS spoofing

• Spoofing and traceback

• Protecting against spoofing attacks

Scanning Attacks

• Stack fingerprinting and operating system detection

• Sequence prediction

• Network Mapper (Nmap)

Man-in-the-Middle Attacks

• Packet sniffing and network switches

• Connection hijacking

• Registration hijacking

• Voicemail compromises

• Impersonated calls

• DNS and ARP cache poisoning

• Avoiding man-in-the-middle attacks

Bots and Botnets

• Bot

– Software application that runs automated, repetitive tasks over the Internet

• Botnet

– Group of computers infected with a bot

• Avoiding bot attacks

SQL Injection

• SQL injection

– Hacking technique in which malicious code is inserted into SQL command strings

• Preventing SQL injection attacks
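The slide defines SQL injection as malicious code inserted into a SQL command string and lists prevention as a topic. The added example below (not part of the course material) puts an injectable login query beside its parameterized form on an in-memory SQLite table; the users, passwords and the `' OR '1'='1` input are constructed sample data.

```python
import sqlite3

# Constructed sample data (not from any real system): a tiny users table.
# Passwords are stored in the clear only to keep the example short; a real
# system stores password hashes instead.
SAMPLE_USERS = [
    ("alice", "correct-horse-battery", "admin"),
    ("bob", "hunter2", "user"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Injectable: user input is concatenated into the SQL command string.

    A quote character in either field ends the string literal early, so the
    rest of the input is parsed as SQL and can change the WHERE clause.
    """
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened: the command string is fixed and the values are bound as
    parameters, so the database driver never parses them as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def compare(username: str, password: str) -> dict:
    """Run the same input through both versions and report the row counts."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(login_vulnerable(conn, username, password)),
            "parameterized_rows": len(login_parameterized(conn, username, password)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A legitimate login matches exactly one row in both versions.
    print("valid credentials:", compare("bob", "hunter2"))
    # Input containing a quote followed by an always-true condition: the
    # concatenated query matches every row, the parameterized query none.
    tautology = "' OR '1'='1"
    print("quoted tautology:", compare(tautology, tautology))
```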

Auditing

• Checking password databases regularly

• Checking log files

• Scanning systems

• Identifying information leakage

– Necessary information

– Unnecessary information
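The brute-force slide earlier in this lesson describes the attack as repeated access attempts, and this slide lists checking log files as an auditing task. The added example below (not from the course) connects the two: it parses constructed sshd-style "Failed password" lines and flags any source address whose failures within a sliding window reach a threshold, reporting whether one account or many were targeted. The log lines, hostnames and TEST-NET addresses are all made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style log lines (TEST-NET addresses, not real hosts).
SAMPLE_LOG = [
    "Mar  3 10:15:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 40212 ssh2",
    "Mar  3 10:15:03 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 40212 ssh2",
    "Mar  3 10:15:05 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 40214 ssh2",
    "Mar  3 10:15:08 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 40214 ssh2",
    "Mar  3 10:15:11 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 40216 ssh2",
    "Mar  3 10:15:14 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 40216 ssh2",
    "Mar  3 10:20:30 web1 sshd[2310]: Failed password for invalid user admin from 198.51.100.23 port 51000 ssh2",
    "Mar  3 10:20:41 web1 sshd[2312]: Failed password for invalid user test from 198.51.100.23 port 51002 ssh2",
    "Mar  3 10:20:52 web1 sshd[2314]: Failed password for invalid user oracle from 198.51.100.23 port 51004 ssh2",
    "Mar  3 10:21:03 web1 sshd[2316]: Failed password for invalid user guest from 198.51.100.23 port 51006 ssh2",
    "Mar  3 10:21:14 web1 sshd[2318]: Failed password for invalid user postgres from 198.51.100.23 port 51008 ssh2",
    "Mar  3 10:30:00 web1 sshd[2400]: Failed password for alice from 192.0.2.5 port 33001 ssh2",
    "Mar  3 10:30:12 web1 sshd[2400]: Accepted password for alice from 192.0.2.5 port 33001 ssh2",
    "Mar  3 10:45:00 web1 sshd[2450]: Failed password for alice from 192.0.2.5 port 33050 ssh2",
]

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(lines, year=2010):
    """Return (timestamp, source_ip, username) for every failed-login line.

    Syslog lines carry no year, so the caller supplies one (assumption)."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        stamp = " ".join(m["ts"].split())  # collapse syslog's padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_repeated_failures(events, threshold=5, window_seconds=60):
    """Flag each source IP whose failures inside some sliding window of
    window_seconds reach the threshold, and list the accounts it targeted."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    findings = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        best_count, best_users = 0, set()
        start = 0
        for end, (ts_end, _) in enumerate(attempts):
            # Advance the window start until the window spans <= window_seconds.
            while (ts_end - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            window = attempts[start:end + 1]
            if len(window) > best_count:
                best_count = len(window)
                best_users = {u for _, u in window}
        if best_count >= threshold:
            findings[ip] = {
                "failures": best_count,
                "accounts": sorted(best_users),
                "pattern": "single account" if len(best_users) == 1 else "many accounts",
            }
    return findings


if __name__ == "__main__":
    for ip, info in detect_repeated_failures(parse_failures(SAMPLE_LOG)).items():
        print(ip, info)
```

The two spaced-out failures from 192.0.2.5 (a user mistyping a password) never reach the threshold, so only the two sources with clustered failures are reported.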

Lesson 4 Summary

• 1.2.5: Identify the importance of auditing

• 1.4.3: Identify specific types of security attacks

• 1.4.4: Identify a brute-force attack

• 1.4.5: Identify a dictionary attack

• 1.4.6: Identify routing issues and security

• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

• 1.4.8: Recognize attack incidents

• 1.4.9: Distinguish between illicit servers and trojans

Lesson 5: Recent Networking Vulnerability Considerations

Lesson 5 Objectives

• 1.1.3: Identify potential risk factors for data security, including improper authentication

• 1.2.5: Identify the importance of auditing

• 1.4.3: Identify specific types of security attacks

• 1.4.8: Recognize attack incidents

Additional topics:

• Security issues associated with wireless network technologies

• Security issues associated with convergence networking technologies

• Security issues associated with Web 2.0 technologies

• Additional security issues, including greynet applications, data at rest, trusted users within an organization, anonymous downloads and indiscriminate link-clicking

Wireless Network Technologies and Security

• Wireless Ethernet elements

• Wireless signals

– FHSS

– DSSS

– OFDM

IEEE 802.11 Wireless Standards

• 802.11 (WiFi)

• 802.11a

• 802.11b

• 802.11e

• 802.11g

• 802.11h

• 802.11i

• 802.11n (most current)

Wireless Networking Modes

• Ad-hoc mode

• Infrastructure mode

• Wireless access points (APs)

– Wireless cells

– Authentication types in wireless networks

– BSSID

– SSID

– Wireless AP beacon

• Host association

Wireless Application Protocol (WAP)

• WAP services:

– Uniform scripting standards for wireless devices

– A method of encrypting devices from WAP-enabled phones

• Wireless Transport Layer Security (WTLS):

– WTLS benefits

– Problems with WTLS

• Languages used in WAP

Wireless Network Security Problems

• Cleartext transmission

• Access control

• Unauthorized APs and wireless systems

• Corporate users participating in ad hoc networks

• Weak and/or flawed encryption

• Encryption and network traffic

• War driving

Wireless Network Security Solutions

• WEP

• MAC address filtering

• WPA2 (802.11i)

• IEEE 802.1x

• RADIUS

• Physical and configuration solutions

Site Surveys

• Authorized site surveys

– Site surveys after implementation

• Unauthorized site surveys

– War driving/war walking

– Examples of site surveying software

Convergence Networking and Security

• Convergence technologies and equipment:

– Private Branch Exchange (PBX)

– Voice over IP (VoIP) devices

– End-user telephone connections

• Virtual LANs (VLANs)

• VLAN hopping

• Firewall conflicts

• DNS loops

Web 2.0 Technologies

• Ajax

• Wikis

• Blogs

• Really Simple Syndication (RSS)

• Podcasts

• Folksonomy

Greynet Applications

• Instant messaging (IM)

• Peer-to-peer (P2P) applications

• File transfer and the 8.3 naming convention

• Securing IM and P2P

Vulnerabilities with Data at Rest

• Data on network drives and in network shares

• Data on vulnerable systems

• Database data and SQL injection

Security Threats from Trusted Users

• Security breaches due to:

– Carelessness

– Noncompliance with established security measures

– Following inadequate security policies

Anonymous Downloads and Indiscriminate Link-Clicking

• Poisoned Web sites

• Drive-by downloads

• Guidelines to help avoid contact with poisoned Web sites

Lesson 5 Summary

• 1.1.3: Identify potential risk factors for data security, including improper authentication

• 1.2.5: Identify the importance of auditing

• 1.4.3: Identify specific types of security attacks

• 1.4.8: Recognize attack incidents

Additional topics:

• Security issues associated with wireless network technologies

• Security issues associated with convergence networking technologies

• Security issues associated with Web 2.0 technologies

• Additional security issues, including greynet applications, data at rest, trusted users within an organization, anonymous downloads and indiscriminate link-clicking

Lesson 6: General Security Principles

Lesson 6 Objectives

• 1.3.1: Identify the universal guidelines and principles of effective network security

• 1.3.2: Define amortization and chargeback issues related to network security architectures

• 1.3.3: Use universal guidelines to create effective specific solutions

Common Security Principles

• Be paranoid

• Have a security policy

• No system or technique stands alone

• Minimize damage

• Deploy companywide enforcement

• Provide training

• Integrate security strategies

• Place equipment according to needs

• Identify security business issues

• Consider physical security

Lesson 6 Summary

• 1.3.1: Identify the universal guidelines and principles of effective network security

• 1.3.2: Define amortization and chargeback issues related to network security architectures

• 1.3.3: Use universal guidelines to create effective specific solutions

Lesson 7: Protocol Layers and Security

Lesson 7 Objectives

• 1.3.4: Identify potential threats at different layers of the TCP/IP stack

• 1.3.7: Secure TCP/IP services, including HTTP, FTP

• 1.4.6: Identify routing issues and security

• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

TCP/IP Security Introduction

• TCP/IP protocol stack

• TCP/IP and network security

OSI Reference Model Review

• Application layer

• Presentation layer

• Session layer

• Transport layer

• Network layer

• Data link layer

• Physical layer

Data Encapsulation

The TCP/IP Stack and the OSI Reference Model

Link/Network Access Layer

• Media that defines this layer:

– Fiber

– Coaxial cable

– Twisted pair

– Free space (infrared, short-range wireless, microwave, satellite)

• Network topologies

Network/Internet Layer

• Internet Protocol (IP)

– Packets are not signed

– Packets are not encrypted

– Packets can be manipulated easily

• Internet Control Message Protocol (ICMP)

– ICMP message types

– Why block ICMP?

Transport Layer

• Transmission Control Protocol (TCP)

– The TCP handshake

– The TCP header

• Establishing a TCP connection:

– SYN and ACK

• Terminating a TCP connection:

– FIN and ACK

• User Datagram Protocol (UDP)

• Ports

Application Layer

• File Transfer Protocol (FTP)

– Active FTP

– Passive FTP

• Hypertext Transfer Protocol (HTTP)

• Telnet

• Simple Network Management Protocol (SNMP)

• Domain Name System (DNS)

• Additional application layer protocols

Protocol Analyzers

• Monitor network traffic to identify network trends

• Identify network problems and send alert messages

• Identify specific problems

• Test network connections, devices and cables

Lesson 7 Summary

• 1.3.4: Identify potential threats at different layers of the TCP/IP stack

• 1.3.7: Secure TCP/IP services, including HTTP, FTP

• 1.4.6: Identify routing issues and security

• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

Lesson 8: Securing Resources

Lesson 8 Objectives

• 1.3.5: Consistently apply security principles

• 1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks

• 1.3.7: Secure TCP/IP services, including HTTP, FTP

• 1.3.8: Identify the significance of testing and evaluating systems and services

• 1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools

• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

TCP/IP Security Vulnerabilities

• Internet Protocol version 4 (IPv4)

• Internet Protocol version 6 (IPv6)

• Determining which IP version to implement

Implementing Security

• Publish the security policy

• Categorize resources and needs

• Secure each resource and service

• Log, test and evaluate

• Repeat the process and keep current

Resources and Services

• Protecting services

– Protect against profiling

– Coordinate methods and techniques

– Protect services by changing default settings

– Remove unnecessary services

Protecting TCP/IP Services

• Specialized accounts

• The Web Server

• CGI scripts

– CGI and programming

• Securing Apache2

• FTP servers

– Access control

Simple Mail Transfer Protocol (SMTP)

• The Internet Worm

• Buffer overflows

• The Melissa virus

• Access control for e-mail

• E-mail and virus scanning

Physical Security

• Protecting the network against common physical attacks

• Ensuring access control

• Securing wireless cells

• Shielding network equipment

• Securing removable media

• Controlling the environment

• Fire detection and suppression

Testing Systems

• Testing existing systems

• Implementing a new system or testing a new security setting

Security Testing Software

• Specific tools

– Network scanners

– Operating system add-ons

– Logging and log analysis tools

Security and Repetition

• Understanding the latest exploits

• Continually improve and test your security system

Lesson 8 Summary

• 1.3.5: Consistently apply security principles

• 1.3.6: Identify ways to protect operating systems, routers and equipment against physical attacks

• 1.3.7: Secure TCP/IP services, including HTTP, FTP

• 1.3.8: Identify the significance of testing and evaluating systems and services

• 1.3.9: Identify network security management applications, including network scanners, operating system add-ons, log analysis tools

• 1.4.7: Determine the causes and results of a denial-of-service (DOS) attack

Lesson 9: Firewalls and Virtual Private Networks

Lesson 9 Objectives

• 1.1.3: Identify potential risk factors for data security, including improper authentication

• 1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key Infrastructure (PKI)

• 1.4.2: Define IPSec concepts

• 1.4.6: Identify routing issues and security

• 1.5.1: Define the purpose and function of various firewall types

• 1.5.2: Define the role a firewall plays in a company's security policy

• 1.5.3: Define common firewall terms

• 1.5.4: Identify packet filters and their features

• 1.5.5: Identify circuit-level gateways and their features

Lesson 9 Objectives (cont’d)

• 1.5.6: Identify application-level gateways and their features

• 1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection

• 1.5.8: Identify fundamental features of a proxy-based firewall (e.g., service redirection, service passing, gateway daemons), and implement proxy-level firewall security

• 1.5.9: Define the importance of proxy caching related to performance

• 1.6.1: Implement a packet-filtering firewall

• 1.6.2: Customize your network to manage hacker activity

Definition and Description of a Firewall

• Firewall

• Demilitarized zone (DMZ)

• Daemon

The Role of a Firewall

• Implement a company’s security policy

• Create a choke point

• Log Internet activity

• Limit network host exposure

Firewall Terminology

• Packet filter

• Proxy server

– Application-layer proxy

– Circuit-level proxy

• Network Address Translation (NAT)

• Bastion host

• Operating system hardening

• Screening and choke routers

• Demilitarized zone (DMZ)

• Web security gateway

Firewall Configuration Defaults

• By default, a firewall can be configured to either:

– Deny all traffic, in which case you would specify certain types of traffic to allow in and out of your network

– Allow all traffic, in which case you would specify certain types of traffic to deny

Creating Packet Filter Rules

• Process

• Rules and fields

• Standard FTP clients and creating packet filter rules

• Passive FTP clients and packet filter rules
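The "Firewall Configuration Defaults" slide contrasts a deny-all default (list what to allow) with an allow-all default (list what to deny), and this slide lists rules and their fields. The added example below (not from the course) is a small first-match packet-filter evaluator in Python that applies both defaults to the same sample packets; the rule sets, the web server address and the TEST-NET source addresses are constructed, and the filter is stateless, unlike the stateful multi-layer inspection the next slide names.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (toward the protected network) or "out"
    proto: str      # "tcp" or "udp"
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; a field left as None matches anything."""
    action: str                   # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None     # host or CIDR network, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction not in (None, p.direction):
            return False
        if self.proto not in (None, p.proto):
            return False
        if self.dport not in (None, p.dport):
            return False
        for want, have in ((self.src, p.src), (self.dst, p.dst)):
            if want is None:
                continue
            net = ipaddress.ip_network(want, strict=False)  # a bare host becomes a /32
            if ipaddress.ip_address(have) not in net:
                return False
        return True


def evaluate(rules: List[Rule], default: str, p: Packet) -> Tuple[str, Optional[Rule]]:
    """First matching rule decides; the default policy applies when none match."""
    for r in rules:
        if r.matches(p):
            return r.action, r
    return default, None


WEB_SERVER = "192.0.2.10"  # constructed address of the protected web server

# Default-deny: only the listed traffic is allowed in; everything else is dropped.
DENY_ALL_RULES = [
    Rule("allow", direction="in", proto="tcp", dst=WEB_SERVER, dport=80),
    Rule("allow", direction="in", proto="tcp", dst=WEB_SERVER, dport=443),
    Rule("allow", direction="in", proto="tcp", src="192.0.2.0/24", dst=WEB_SERVER, dport=22),
]

# Default-allow: only the listed traffic is blocked; everything else gets through,
# including any service the administrator forgot to enumerate.
ALLOW_ALL_RULES = [
    Rule("deny", direction="in", proto="tcp", dport=23),
    Rule("deny", direction="in", proto="tcp", dport=3306),
]


def decide(policy: str, p: Packet) -> str:
    """Apply the rule set that goes with the given default policy ("deny" or "allow")."""
    rules = DENY_ALL_RULES if policy == "deny" else ALLOW_ALL_RULES
    return evaluate(rules, policy, p)[0]


if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "203.0.113.7", WEB_SERVER, 443),   # public HTTPS
        Packet("in", "tcp", "203.0.113.7", WEB_SERVER, 22),    # SSH from outside
        Packet("in", "tcp", "192.0.2.25", WEB_SERVER, 22),     # SSH from inside
        Packet("in", "tcp", "203.0.113.7", WEB_SERVER, 5432),  # port nobody listed
    ]
    for p in samples:
        print(f"{p.proto}/{p.dport} from {p.src}: "
              f"deny-all={decide('deny', p)} allow-all={decide('allow', p)}")
```

The last sample packet is the point of the slide: under default-deny an unlisted port is closed, while under default-allow it stays open until someone writes a deny rule for it.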


Packet Filter Advantages and Disadvantages

• Drawbacks

• Stateful multi-layer inspection

– Popular packet-filtering products

• Using the ipchains and iptables commands in Linux


Configuring Proxy Servers

• Recommending a proxy-oriented firewall

• Proxy server advantages and features

– Authentication

– Logging and alarming

– Caching

– Fewer rules

– Reverse proxies and proxy arrays

• Proxy server drawbacks

– Client configuration

– Speed


URL Filtering

• Techniques to filter outbound URLs

• Techniques to filter inbound URLs


Remote Access and Virtual Private Networks (VPNs)

• Three types of VPNs:

– Workstation-to-server

– Firewall-to-firewall

– Workstation-to-workstation

• Tunneling protocols

• Internet Protocol Security (IPsec)

• Point-to-Point Tunneling Protocol (PPTP)

• Layer 2 Tunneling Protocol (L2TP)

• VPN vulnerabilities


Public Key Infrastructure (PKI)

• PKI standards

– Based on X.509 standard

• PKI terminology

• Certificates


Lesson 9 Summary

 1.1.3: Identify potential risk factors for data security, including improper authentication

 1.2.3: Define asymmetric (public-key) encryption, including distribution schemes, Public Key

Infrastructure (PKI)

 1.4.2: Define IPSec concepts

 1.4.6: Identify routing issues and security

 1.5.1: Define the purpose and function of various firewall types

 1.5.2: Define the role a firewall plays in a company's security policy

 1.5.3: Define common firewall terms

 1.5.4: Identify packet filters and their features

 1.5.5: Identify circuit-level gateways and their features


Lesson 9 Summary (cont’d)

 1.5.6: Identify application-level gateways and their features

 1.5.7: Identify features of a packet-filtering firewall, including rules, stateful multi-layer inspection

 1.5.8: Identify fundamental features of a proxy-based firewall (e.g.; service redirection, service passing, gateway daemons), and implement proxy-level firewall security

 1.5.9: Define the importance of proxy caching related to performance

 1.6.1: Implement a packet-filtering firewall

 1.6.2: Customize your network to manage hacker activity


Lesson 10: Levels of Firewall Protection


Lesson 10 Objectives

• 1.4.6: Identify routing issues and security

• 1.5.1: Define the purpose and function of various firewall types

• 1.5.3: Define common firewall terms

• 1.6.1: Implement a packet-filtering firewall

• 1.6.2: Customize your network to manage hacker activity


Designing a Firewall

• Firewall design principles

– Keep design simple

– Make contingency plans


Types of Bastion Hosts

• Single-homed bastion host

• Dual-homed bastion host

• Triple-homed bastion host

• Internal bastion hosts


Hardware Issues

• Choosing the operating system

• Firewall appliances

• Services

• Daemons

• Proxy servers


Common Firewall Designs

• Screening routers

• Screened host firewall (single-homed bastion)

• Screened host firewall (dual-homed bastion)

• Screened subnet firewall (demilitarized zone)


Lesson 10 Summary

 1.4.6: Identify routing issues and security

 1.5.1: Define the purpose and function of various firewall types

 1.5.3: Define common firewall terms

 1.6.1: Implement a packet-filtering firewall

 1.6.2: Customize your network to manage hacker activity


Lesson 11: Detecting and Distracting Hackers


Lesson 11 Objectives

• 1.6.2: Customize your network to manage hacker activity

• 1.6.3: Implement proactive detection

• 1.6.4: Distract hackers and contain their activity

• 1.6.5: Deploy tripwires and other traps on a network host


Proactive Detection

• Automated security scans

• Login scripts

• Automated auditing


Distracting the Hacker

• Dummy accounts

• Dummy files

– Dummy password files

• Tripwire scripts

• Automated checksums

• Jails


Deterring the Hacker

• Methods for deterring hackers

– Log traffic and send e-mail messages

– Conduct reverse scans

– Drop the connection

– Contact the ISP

• Tools for responding to hackers

• Problems with retaliation


Lesson 11 Summary

 1.6.2: Customize your network to manage hacker activity

 1.6.3: Implement proactive detection

 1.6.4: Distract hackers and contain their activity

 1.6.5: Deploy tripwires and other traps on a network host


Lesson 12: Incident Response


Lesson 12 Objectives

• 1.6.6: Respond appropriately to a security breach

• 1.6.7: Identify security organizations that can help in case of system attack

• 1.6.8: Subscribe to respected security alerting organizations

• 1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks


Creating an Incident Response Policy

• Decide ahead of time

• Do not panic

• Document everything


Determining if an Attack Has Occurred

• Determine the scope of the breach

• Stop or contain activity


Executing the Response Plan

• Notifying affected individuals

• Notifying appropriate authorities

• Notifying Internet agencies


Analyzing and Learning

• Ask questions of everyone involved

• Record specific lessons you have learned

• Update your security policy


Lesson 12 Summary

 1.6.6: Respond appropriately to a security breach

 1.6.7: Identify security organizations that can help in case of system attack

 1.6.8: Subscribe to respected security alerting organizations

 1.6.9: Identify appropriate authorities to contact regarding data theft and other attacks


Web Security Associate: Course Lessons

• What Is Security?

• Elements of Security

• Applied Encryption

• Types of Attacks

• Recent Networking Vulnerability Considerations

• General Security Principles

• Protocol Layers and Security

• Securing Resources

• Firewalls and Virtual Private Networks

• Levels of Firewall Protection

• Detecting and Distracting Hackers

• Incident Response
