Summary

In this chapter, we covered most of the major points concerning communications monitoring, IDS, wireless technologies, and instant messaging. Your network infrastructure is vulnerable, but the situation is not hopeless. Tools exist to help you do your job.

Many different protocols may exist in your network. Each protocol will have its own strengths and weaknesses. You must know what they are and how to deal with them. Network product vendors have become very forthcoming about their products' vulnerabilities; make sure you consult them to determine what problems exist.

Protocols such as NetBEUI and NetBIOS are not routable protocols, but they can be encapsulated in TCP/IP traffic and shipped to other networks using VPN technology.

The primary tools used to detect attacks are network monitors and Intrusion Detection Systems. Network monitors involve manual monitoring and can be difficult to use.

IDS systems identify and respond to attacks using defined rules or logic. These systems can track either anomalies in network traffic or misuses of protocols. An IDS can be set up to monitor an entire network or to monitor a single host; these systems are referred to as N-IDS and H-IDS systems, respectively. N-IDS systems can make active or passive responses, while H-IDS systems are usually capable of passive responses.

A honey pot is a system that is designed to entice or entrap an attacker. Enticement is inviting or luring an attacker to the system. Entrapment is the process of encouraging an attacker to perform an act, even if they don't want to do it. Entrapment is a valid legal defense in criminal proceedings.

An incident occurs when an attack or theft of data has occurred in your network. The steps in incident response include identifying, investigating, repairing, and documenting the incident, and afterward adjusting procedures to help in future incidents.

Wireless systems are becoming increasingly popular and standardized. The most common protocol implemented in wireless systems is WAP. The security layer for WAP is WTLS. WAP is equivalent to TCP/IP for wireless systems.

The standards for wireless systems are developed by the IEEE. The most common standards are 802.11, 802.11a, 802.11b, and the still-not-finalized 802.11g. These standards use the 2.4GHz or 5GHz frequency spectrum. Several communications technologies are available to send messages between wireless devices.

The WEP protocol was designed for security in wireless devices. Recently, WEP has experienced several serious security problems.

Wireless networks are vulnerable to site surveys. Site surveys can be accomplished using a PC and an 802.11 card. The term site survey is also used in reference to detecting interference in a given area that might prevent 802.11 from working.

Instant messaging is a growing application on the Internet. IM uses synchronized servers to provide instantaneous communications, such as chatting, between users on a global basis. IM is vulnerable to malicious code and packet sniffing. Information that is sensitive should be encrypted before being sent, or other methods should be found to send it.

The process of gathering information about a computer network uses methodologies called signal analysis and signal intelligence. These methods have been used by governmental agencies for many years. As a security expert, your job is to act as a counter-intelligence agent to prevent sensitive information from falling into the wrong hands.

The methods used to gain information about your environment include footprinting, scanning, and enumeration.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
