Chapter 8: Network and Endpoint Security
8.1 Operating System Hardening
Skill Overview: Harden an operating system to improve security.
Actions:
Manage automatic updates to keep the system secure.
Configure automatic updates for convenience and security.
Configure Microsoft Defender Firewall for network protection.
Key Terms
Patches: Supplemental units of code addressing security problems or functionality flaws; classified as critical, security-critical, recommended, and optional.
Patch management: The process of identifying, testing, and deploying patches to the OS and applications.
Allow list (whitelist): Access is denied to every entity unless it is on the list.
Block list (blacklist): Access is permitted to every entity unless it is explicitly on the list.
Password Security
Complex Passwords: Important for security.
Multi-Factor Authentication (MFA): Combines factors of different types; the three types are:
Something you know (password)
Something you have (token)
Something you are (biometric)
Limit Software Services
Actions:
Remove unnecessary software.
Disable non-essential services such as TFTP, Telnet, SNMP.
Security Software Types
Antivirus: Protects against viruses.
Anti-spyware: Protects against spyware.
Anti-rootkit: Detects and removes rootkits.
Baselines
Purpose: Define standards to ensure efficiency and security; help in detecting vulnerabilities.
Types:
Configuration baseline
Security baseline
Software & usage baseline
Patch Management
Management Software: Use WSUS (Windows Server Update Services).
Steps:
Determine necessary patches.
Test on small groups/labs.
Create system restore points.
Types of Patches:
Hotfix: Fixes specific issues and may be customer-specific.
Patch: Wider deployment, addresses security holes.
Service Pack: Collection of hotfixes and patches.
Summary of Best Practices
Use complex passwords
Limit administrative privileges
Remove unnecessary software
Disable non-essential services
Maintain baselines
Implement patch management
In-Class Practice
Labs: Configure Automatic Updates, Configure Microsoft Defender Firewall.
Class Discussion Points
What is system hardening and its benefits?
How to reduce a device's attack surface?
Importance of installing only needed software.
Define security baseline.
Difference between hotfix and patch.
8.2 File Server Security
Skill Overview
Configure NTFS permissions and disable inheritance.
Key Terms
Shared Folder: Accessible over a network.
Network-attached storage (NAS): A standalone storage device acting as a file server.
Storage Area Network (SAN): A high-speed network composed of shared storage.
File Server Security Best Practices
Prevent physical access.
Implement least privilege access.
Utilize disk encryption (always on, on-demand).
Remove unused services.
Enable auditing.
Securing Transfer Protocols
FTP: Unsecured; credentials and file contents are sent in cleartext.
Secured Methods:
VPN: For secure connections.
IPsec/SSH tunnels: Secure communication channels.
FTPS: FTP over SSL/TLS for secure transfers.
Summary of Best Practices
Use secure protocols.
In-Class Practice
Labs: Configure NTFS permissions, Disable Inheritance.
Class Discussion Points
Identify inherited permissions.
Differences between Share and NTFS permissions.
Elements on which NTFS permissions can be set.
How to view permitted users for a drive.
8.3 Host Security
Skill Overview
Remove unnecessary services and install/update iptables.
Utilize Nmap
Scans for open ports and services.
Linux Host Security Utilities
Nmap & Netstat: For checking open ports and active connections.
Manual Updates: Ensure systems are current.
Host-Based Firewall
Differentiate between Linux system firewalls (iptables, firewalld).
Use firewalld for managing host firewalls: install it, verify it is running, and manage firewall states and rules.
Summary of Best Practices
Unload/disable unused services.
Utilize Nmap and Netstat utilities.
Maintain system updates.
Use a host-based firewall.
Class Discussion Points
Identify unnecessary network services.
Importance of identifying open ports.
Utilities for open ports and network statistics.
Commands to disable unneeded services.
What are iptables?
8.4 Wireless Overview
Skill Overview
Configure a wireless connection.
Key Definitions
SSID: Unique name for a wireless network.
WAP (Wireless Access Point): Broadcasts data over radio waves.
Wireless Interface: Connects devices to the WAP.
Wireless Networking Overview
Wireless LAN Controllers: Manage multiple access points.
Site Surveys
Types: Passive survey, Active survey, Predictive survey.
Summary of Survey Types
Passive survey: Observes existing wireless traffic.
Active survey: Sends probes to measure wireless coverage.
Predictive survey: Uses software/blueprints to determine coverage areas.
In-Class Practice
Labs: Configure Wireless Network.
Class Discussion Points
Device that broadcasts data over radio waves?
Modes of wireless network configuration.
Location of Wireless LAN Controllers.
8.5 Wireless Attacks
Skill Overview
Detect rogue hosts, configure rogue host protection.
Key Terms
Evil Twin: Deceptive access point mimicking legitimate networks.
Rogue Access Points: Unauthorized access points in the network.
Initialization Vector (IV): Seed value in encryption protocols.
Wireless Attacks Summary
Types of attacks: Evil Twin, Rogue Access Points, Jamming, Disassociation.
Attack Vectors: Blending exploit techniques to gain unauthorized access.
Summary of Wireless Security Threats
Identify rogue access points.
Analyze IV weaknesses and vulnerabilities in protocols.
In-Class Practice
Labs: Configure Rogue Host Protection.
Class Discussion Points
Differences between bluejacking and bluesnarfing.
Role of initialization vectors.
Discovering rogue access points.
8.6 Wireless Defenses
Skill Overview
Harden a wireless network and configure wireless intrusion prevention systems (WIPS).
Key Terms
WPA: Commonly used cryptographic protocol for wireless networks.
Pre-Shared Key (PSK): Method requiring a passphrase for connection.
Key Wireless Security Practices
Use WPA2/WPA3 protocols for encryption.
Implement MAC address filtering and SSID management.
Certification and Encryption
Use certificates issued by a certificate authority (CA) to authenticate communications.
In-Class Practice
Labs: Harden a Wireless Network, Configure WIPS.
8.7 Data Transmission Security
Skill Overview
Implement secure protocols like TLS for data encryption.
Key Terms
SSL: Older protocol for secure internet communications.
TLS: Successor to SSL, offers enhanced protection.
Secure Protocols Summary
Understand the role of SSL/TLS in secure communications.
Implementation of IPsec for added security.
In-Class Practice
Labs: Allow SSL Connections.
Class Discussion Points
SSL verification processes.
Differences between HTTPS and S-HTTP.
Functionality of IPsec modes (Tunnel vs. Transport).
8.8 Web Application Security
Skill Overview
Tackle common vulnerabilities like SQL injection and XSS.
Key Terms
Cross-Site Scripting (XSS): Injection of malicious script into web pages that other users then view.
SQL Injection: Exploiting database interactions via input vulnerabilities.
Injection Attack Details
Understand various forms of injection attacks, defenses and mitigation techniques.
Summary of Web Application Security Practices
Importance of clearing caches, proper input handling, and making systems resilient to attacks.
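As an added example (not from the course materials) of the "proper input handling" point above and the SQL injection term in this section: a user lookup built by string concatenation beside its parameterized replacement, using Python's built-in sqlite3 module against a constructed in-memory table.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example: an in-memory users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_unsafe(conn, username):
    # Vulnerable: untrusted input is pasted into the SQL text, so a quote
    # character in the input can change the structure of the query.
    sql = ("SELECT username FROM users WHERE username = '"
           + username + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    # Hardened: a parameterized query sends the input as a bound value,
    # so it is compared as data and can never alter the query.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    # Returns both results so the difference is visible for one input.
    conn = make_db()
    return {"unsafe": lookup_unsafe(conn, username),
            "safe": lookup_safe(conn, username)}


if __name__ == "__main__":
    # A benign name matches one row either way.
    print(compare("alice"))
    # A constructed input containing a quote: the unsafe query returns
    # every row, the parameterized query correctly returns none.
    print(compare("x' OR '1'='1"))
```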
Class Discussion Points
Common forms of web application attacks and mitigation strategies.
8.9 Application Development and Security
Skill Overview
Apply security measures to applications using frameworks and lifecycle models.
Key Terms
Normalization: Data organization to avoid redundancy.
Stored Procedures: Precompiled SQL routines stored in the database and invoked by name, so commands run efficiently and with a fixed query structure.
Development Lifecycle Summary
Differentiate between Waterfall and Agile methodologies.
Application security testing methods for various stages of development.
In-Class Practice
Labs: Implement Application Whitelisting with AppLocker, Data Execution Prevention.