Describe the various techniques and tools for network security.
Operations Security (OpSec) starts with the planning and implementation of a network. The security team identifies risks and vulnerabilities during design and adapts accordingly during the operation phase.
OpSec focuses on continual maintenance and adapting the network to evolving threats.
Manual vs Automated Testing:
Manual tests may be used for specific, targeted checks, while automated tools can conduct regular scans and checks across networks.
Security staff should be skilled in device hardening, firewalls, IPSs, network protocols, and vulnerability and risk mitigation.
Security Test and Evaluation (ST&E): After a network is operational, an ST&E evaluates the security measures, identifies flaws, and checks compliance with security policies.
Key objectives:
Identify design, implementation, or operational flaws.
Assess the adequacy of security mechanisms.
Ensure system documentation aligns with implementation.
Periodic Testing: Tests should be repeated after system updates or changes.
Penetration Testing: Simulates attacks to identify vulnerabilities and the potential consequences of successful attacks.
Network Scanning: Detects open ports and identifies active resources.
Vulnerability Scanning: Identifies weaknesses in systems and services.
Password Cracking: Tests for weak passwords.
Log Review: Inspects logs for unusual or unauthorized activity.
Integrity Checkers: Detects unauthorized changes in the system.
Virus Detection: Identifies and removes malware.
Nmap/Zenmap:
Nmap: Discovers network devices and services, performing tasks like TCP/UDP port scanning, operating system identification, and remote host fingerprinting.
Zenmap: The graphical frontend for Nmap, providing an easier-to-use interface.
SuperScan:
A Microsoft Windows tool for TCP/UDP port scanning.
Features include adjustable scanning speed, host detection, and banner grabbing.
SIEM (Security Information and Event Management):
Used for real-time monitoring and long-term analysis of security events in enterprise environments.
Functions include correlation, aggregation, forensic analysis, and retention of event data.
Provides detailed reports on security events, user actions, device info, and posture compliance.
GFI LANguard:
A network and security scanner that detects vulnerabilities.
Tripwire:
A tool for assessing and validating IT configurations.
Nessus:
A vulnerability scanner for detecting misconfigurations and assessing TCP/IP stack security.
L0phtCrack:
A password auditing and recovery tool.
Metasploit:
A tool for penetration testing, vulnerability scanning, and IDS signature development.
Operations Security (OpSec) begins in the planning phase and continues through the operational lifecycle of the network.
Security Testing involves various techniques to evaluate and identify vulnerabilities in the network. Key tests include pen testing, vulnerability scanning, log review, and password cracking.
Nmap/Zenmap and SuperScan are low-level tools commonly used for scanning networks and identifying vulnerabilities.
SIEM helps monitor and correlate security events for a more comprehensive understanding of potential threats.
Metasploit and Nessus are used for advanced vulnerability scanning and penetration testing to evaluate system defenses.