Network Security & Incident Response: A Comprehensive Guide

Network Security Essentials

Common Protocols and Ports

  • TCP: Transmission Control Protocol (connection-oriented; UDP is its connectionless counterpart)
  • SSH (TCP 22): Secure Shell; encrypted remote access, the replacement for Telnet
  • Telnet (TCP 23): Remote access with credentials and sessions sent in cleartext; disable it
  • HTTP (TCP 80): Hypertext Transfer Protocol, unencrypted
  • HTTPS (TCP 443): HTTP over TLS (SSL is the deprecated predecessor)
  • SSL/TLS: The server proves its identity with a certificate (RSA or ECDSA), the two sides agree a session key with a key exchange such as ECDHE, and the traffic itself is protected with a symmetric cipher such as AES-GCM; asymmetric keys are used for authentication and key agreement, not for bulk encryption
  • FTP (TCP 21 control, TCP 20 or a negotiated port for data): File Transfer Protocol; credentials and data in cleartext
  • TFTP (UDP 69): Trivial File Transfer Protocol (no authentication or encryption)
  • SNMP (UDP 161, traps on UDP 162): Simple Network Management Protocol; v1/v2c send community strings in cleartext, so use v3 with authentication and privacy
  • LDAP (TCP 389, LDAPS on TCP 636): Lightweight Directory Access Protocol
  • NetBIOS (UDP 137/138, TCP 139): Network Basic Input/Output System
  • Kerberos (UDP/TCP 88): Ticket-based authentication protocol used by Active Directory

Network Architecture

Internet → Router → Firewall → DMZ (public-facing servers) → Firewall → Internal Network

The DMZ holds the servers that must accept connections from the Internet (web, mail, DNS). A second firewall, or a second interface on the same firewall, separates the DMZ from the internal network so that a compromised DMZ host cannot reach internal systems directly.

  • NAT/PAT: Network/Port Address Translation; PAT maps many private addresses onto one public address by rewriting source ports. It hides internal addressing but is not a substitute for a firewall policy
  • Proxy Server: Intermediary that makes requests on behalf of clients; a good place to apply content filtering and to log outbound traffic

Intrusion Detection Systems (IDS)

  • Anomaly-based IDS: Learns a baseline of normal behavior and alerts on deviations; can catch novel attacks but needs a clean baseline and tends to produce more false positives
  • Signature-based IDS: Matches traffic against known attack patterns; low false-positive rate but blind to attacks with no signature yet, and evadable by encoding or fragmenting the payload
  • Honeypot: Decoy system with no production role, so any interaction with it is suspicious by definition
  • Passive IDS: Monitors and logs suspicious activity; it does not interfere with the traffic
  • Active IDS: Takes action to block or mitigate attacks (resetting connections, updating firewall rules); an inline active IDS is what is usually called an IPS
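The difference between the two detection styles is easiest to see side by side. The following is an added example, not code from the original page: a signature matcher and a rate-based anomaly detector run over constructed web access log lines in an assumed `<source_ip> <method> <path> <status>` format. The signature rules, the baseline window and the traffic under inspection are all made up here for illustration.

```python
"""Signature-based vs anomaly-based detection over constructed access logs."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Log format assumed for this example (constructed, not a real server format):
#   <source_ip> <method> <path> <status>
LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Signature rules: name -> pattern applied to the URL-decoded request path.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.IGNORECASE),
    "path-traversal": re.compile(r"(^|/)\.\.(/|$)"),
}


def parse(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def signature_alerts(lines):
    """Match each request against known-bad patterns.

    The path is URL-decoded first: a signature IDS that matches raw bytes is
    trivially evaded by sending %27 in place of a quote.
    """
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        decoded = unquote(rec["path"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((rec["ip"], name, rec["path"]))
    return alerts


def learn_baseline(lines, k=3.0):
    """Learn a per-source request-count threshold from known-good traffic.

    Returns mean + k * stdev of requests per source, floored at one request
    above the mean so a perfectly uniform baseline still allows some slack.
    """
    counts = Counter(rec["ip"] for rec in map(parse, lines) if rec)
    values = list(counts.values())
    mean = statistics.mean(values)
    spread = statistics.pstdev(values) if len(values) > 1 else 0.0
    return max(mean + 1, mean + k * spread)


def anomaly_alerts(lines, threshold):
    """Flag sources whose request count exceeds the learned threshold."""
    counts = Counter(rec["ip"] for rec in map(parse, lines) if rec)
    return [(ip, n) for ip, n in counts.items() if n > threshold]


# Constructed "known-good" window used to learn the baseline.
NORMAL_SOURCES = {"10.0.0.5": 3, "10.0.0.6": 4, "10.0.0.7": 3, "10.0.0.8": 5, "10.0.0.9": 4}
BASELINE_LOG = [f"{ip} GET /index.html 200" for ip, n in NORMAL_SOURCES.items() for _ in range(n)]

# Constructed window under inspection: one URL-encoded injection attempt, one
# traversal attempt, and one source hammering the login form.
OBSERVED_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.9 GET /search?q=%27%20OR%201%3D1-- 500",
    "10.0.0.9 GET /static/../../etc/passwd 404",
] + ["198.51.100.4 POST /login 401"] * 12 + ["10.0.0.7 GET /login 200"] * 3


def run():
    """Run both detectors over the constructed windows."""
    sigs = signature_alerts(OBSERVED_LOG)
    threshold = learn_baseline(BASELINE_LOG)
    anomalies = anomaly_alerts(OBSERVED_LOG, threshold)
    return sigs, threshold, anomalies


if __name__ == "__main__":
    sigs, threshold, anomalies = run()
    for ip, rule, path in sigs:
        print(f"SIGNATURE {rule:15} from {ip}: {path}")
    for ip, n in anomalies:
        print(f"ANOMALY   {ip} made {n} requests (threshold {threshold:.1f})")
```

The brute-force source is invisible to the signature rules (every individual request is well formed) and the injection attempt is invisible to the rate detector (one request), which is why real deployments run both. Note also that the injection is only caught because the path is decoded before matching.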

Wireless Security

  • WPA2/3: Wi-Fi Protected Access 2/3; WPA3 adds SAE (a password-authenticated key exchange) in place of the WPA2 pre-shared-key handshake, which is vulnerable to offline dictionary attacks on captured handshakes
  • TKIP/AES: TKIP is the WPA-era cipher built on RC4 and is deprecated; WPA2 uses AES-CCMP and WPA3 uses AES-GCMP
  • EAP: Extensible Authentication Protocol, the framework that carries the actual authentication method over 802.1X
  • PEAP: Protected EAP; the server presents a certificate and the inner authentication (commonly MS-CHAPv2) runs inside a TLS tunnel. Clients must validate that certificate, or a rogue access point can harvest the inner credentials
  • PEAP-TLS: PEAP with EAP-TLS (client certificate) as the inner method; plain EAP-TLS authenticates both sides with certificates without the outer tunnel
  • MAC Address Filtering: Restricts access based on MAC addresses; a weak control, since MAC addresses are visible in the air and trivially spoofed

Wireless Attacks

  • Evil Twin: Rogue access point broadcasting the same SSID as a legitimate one so that clients connect through the attacker
  • Bluejacking: Sending unsolicited messages via Bluetooth
  • Bluesnarfing: Stealing data (contacts, messages) from a device via Bluetooth
  • War Driving: Mapping Wi-Fi networks and their security settings from a moving vehicle

VPN and Authentication

  • PPTP: Point-to-Point Tunneling Protocol; obsolete, its MS-CHAPv2 authentication can be cracked offline, so it should not be deployed
  • IPSec: Internet Protocol Security. Transport mode protects only the payload between two hosts; tunnel mode wraps the whole original packet and is what gateway-to-gateway VPNs use
  • SSL/Remote Access VPN: Secure remote access for individual users over TLS
  • Site-to-Site VPN: Connects two networks securely through their gateways
  • PAP/CHAP/MSCHAPv2: Password Authentication Protocol sends the password in cleartext; Challenge-Handshake Authentication Protocol proves knowledge of the password with a hashed challenge response; Microsoft CHAP version 2 adds mutual authentication but is weak against offline attacks unless wrapped in a TLS tunnel such as PEAP
  • RADIUS/TACACS+: Remote Authentication Dial-In User Service (UDP 1812/1813) encrypts only the password attribute; Terminal Access Controller Access-Control System Plus (TCP 49) encrypts the whole packet body and separates authentication, authorization and accounting, which is why it is preferred for device administration
  • 802.1x/RADIUS: Port-based network access control; the switch or access point blocks all traffic until the client authenticates through a RADIUS server

System Hardening and Security Policies

Hardening Best Practices

  • Disable unused accounts and services (every listening service is attack surface)
  • Change default passwords on every device and application before it goes into production
  • Install endpoint protection and enable the host firewall with a default-deny inbound policy

Security Policies

  • Audit policy
  • Network security policy

Security Baselines

  • Provides a secure, documented starting point that every new system is built from, so configuration drift can be measured against it
  • Reduces total cost of ownership, since systems are consistent and exceptions are visible
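A baseline is only useful if something checks hosts against it. The following is an added example, not code from the original page: it checks a constructed `sshd_config`, a constructed list of enabled systemd units and constructed `/etc/shadow` lines against a small hardening baseline that covers the practices above (unused services disabled, no passwordless or default accounts, root login over SSH off). The baseline values and the sample inputs are assumptions made for illustration.

```python
"""Check a host against a minimal hardening baseline (added example)."""
import re

# Baseline: sshd settings that must be set explicitly, and services that must
# not be enabled. Keys are compared case-insensitively, as sshd itself does.
SSHD_BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}
FORBIDDEN_SERVICES = {"telnet.socket", "tftp.socket", "rsh.socket", "vsftpd.service"}


def parse_sshd_config(text):
    """Return {keyword: value} honouring sshd's first-match-wins rule.

    sshd uses the FIRST occurrence of a keyword (Match blocks are ignored in
    this simplified parser), so a hardened line appended to the end of the
    file is silently ignored if a weaker one precedes it.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def check_sshd(text):
    """Return (keyword, expected, actual) for every baseline setting not met."""
    settings = parse_sshd_config(text)
    findings = []
    for key, expected in SSHD_BASELINE.items():
        actual = settings.get(key, "<default>")
        if actual.lower() != expected:
            findings.append((key, expected, actual))
    return findings


def check_services(enabled_units):
    """Return enabled units that the baseline forbids."""
    return sorted(set(enabled_units) & FORBIDDEN_SERVICES)


def check_shadow(text):
    """Return (user, problem) for accounts with no password or an active one.

    Field 2 of /etc/shadow is the hash: empty means login with no password,
    a '!' or '*' prefix means the account is locked, anything else is a live
    password that should be reviewed (and changed if it is a vendor default).
    """
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, secret = fields[0], fields[1]
        if secret == "":
            findings.append((user, "no password set"))
        elif not secret.startswith(("!", "*")):
            findings.append((user, "active password, review for default credentials"))
    return findings


# Constructed inputs (not taken from a real host).
SAMPLE_SSHD = """\
# Weaker directive first: the "no" further down is ignored by sshd
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding no
PermitRootLogin no
"""
SAMPLE_UNITS = ["sshd.service", "telnet.socket", "cron.service"]
SAMPLE_SHADOW = """\
root:$6$salt$hashhashhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
guest::19700:0:99999:7:::
admin:!$6$salt$hashhashhash:19700:0:99999:7:::
"""


def run():
    """Run all three checks over the constructed inputs."""
    return {
        "sshd": check_sshd(SAMPLE_SSHD),
        "services": check_services(SAMPLE_UNITS),
        "accounts": check_shadow(SAMPLE_SHADOW),
    }


if __name__ == "__main__":
    for area, findings in run().items():
        for item in findings:
            print(f"[{area}] {item}")
```

The sshd sample is deliberately contradictory: an administrator who only greps for `PermitRootLogin no` would believe root login is disabled, while sshd honours the earlier `yes`. Treating a missing directive as a finding (rather than trusting the compiled-in default) is a policy choice; it keeps the baseline explicit and survivable across version upgrades that change defaults.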

Virtualization Security

Benefits of Virtualization

  • Reduced cost
  • Isolated testing environment
  • Increased availability

Risks of Virtualization

  • VM escape vulnerabilities: A flaw in the hypervisor or virtual devices that lets code in a guest run on the host, breaking the isolation between tenants
  • Data theft due to VM file storage: A whole virtual machine is a file on disk (or in a datastore); anyone who can copy that file can mount it offline, so disk images need the same access controls and encryption as the data they hold

Patch Management

Patch Types

  • Hotfix: Addresses a specific issue
  • Service Pack: Collection of updates and fixes

Patch Management Best Practices

  • Test patches in an isolated environment
  • Deploy patches systematically

Hardware Security

  • TPM: Trusted Platform Module; a chip that stores keys and records boot measurements, so a key can be sealed to a known-good boot state
  • BitLocker: Full disk encryption for Windows; with a TPM the volume key is released only when the measured boot chain matches, ideally combined with a PIN so a stolen machine cannot be unlocked by booting it
  • HSM: Hardware Security Module; a tamper-resistant device that performs cryptographic operations so private keys never leave it

Cloud Computing Security

Cloud Service Models

  • SaaS: Software as a Service
  • IaaS: Infrastructure as a Service
  • PaaS: Platform as a Service

Malware and Threats

Types of Malware

  • Virus: Malicious code that attaches itself to a host program or file and replicates when that host is run
  • Worm: Spreads independently across networks by exploiting vulnerabilities, without needing a host program or user action
  • Trojan: Malware disguised as legitimate software so the user installs it
  • Ransomware: Encrypts data and demands payment for the key
  • Logic Bomb: Executes malicious code when a specific condition is met (a date, a user being removed from payroll)
  • Rootkit: Hides the presence of malware by subverting the operating system's own reporting (process lists, file listings)
  • Backdoor: Provides unauthorized access that bypasses normal authentication
  • Spyware: Collects information without user consent

Malware Detection Methods

  • Signature-based detection: Matches files against hashes or byte patterns of known malware; precise, but a one-byte change defeats a hash signature and a new packer defeats a byte pattern
  • Heuristic-based detection: Scores a file on suspicious properties (high-entropy sections that suggest packing or encryption, suspicious strings or API usage, behaviour in a sandbox) to catch samples no signature exists for, at the cost of more false positives
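The two methods fail in different ways, which the following added example (not code from the original page) shows on constructed byte strings that stand in for files; none of them is real malware. It applies a hash signature, a byte-pattern signature and a heuristic score (suspicious strings plus Shannon entropy) to a "known" sample, a one-byte variant of it, a high-entropy "packed" blob and a benign text file. The signature list, the suspicious-string list and the entropy threshold are assumptions chosen for the example.

```python
"""Signature-based vs heuristic malware detection on constructed samples."""
import hashlib
import math


def entropy(data):
    """Shannon entropy in bits per byte (0 = constant, 8 = uniformly random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# Signature database: exact SHA-256 hashes and byte patterns of "known" samples.
HASH_SIGNATURES = set()  # populated below from the constructed known sample
PATTERN_SIGNATURES = {"powershell-encoded-command": b"powershell -enc"}

# Heuristic inputs (assumed for this example): strings that rarely appear in
# benign files, and an entropy level typical of packed or encrypted content.
SUSPICIOUS_STRINGS = (b"powershell", b"-enc", b"cmd.exe", b"createremotethread")
ENTROPY_THRESHOLD = 7.2


def heuristic_score(data):
    """One point per suspicious string, two points for packed-looking content."""
    lowered = data.lower()
    score = sum(1 for s in SUSPICIOUS_STRINGS if s in lowered)
    if entropy(data) > ENTROPY_THRESHOLD:
        score += 2
    return score


def scan(data):
    """Combine both methods: signatures give a definite hit, heuristics a suspicion."""
    digest = hashlib.sha256(data).hexdigest()
    pattern_hits = [name for name, pat in PATTERN_SIGNATURES.items() if pat in data]
    score = heuristic_score(data)
    if digest in HASH_SIGNATURES or pattern_hits:
        verdict = "known-malicious"
    elif score >= 2:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "sha256": digest,
        "hash_match": digest in HASH_SIGNATURES,
        "pattern_hits": pattern_hits,
        "heuristic_score": score,
        "verdict": verdict,
    }


# Constructed samples (not real malware); built inline so the example runs offline.
KNOWN = b"MZ" + b"\x00" * 64 + b"cmd.exe /c powershell -enc " + b"A" * 32
HASH_SIGNATURES.add(hashlib.sha256(KNOWN).hexdigest())
# Same content with the last byte changed: the hash signature no longer matches.
VARIANT = KNOWN[:-1] + b"B"
# "Packed" sample: deterministic high-entropy bytes, so neither the hash nor the
# byte pattern is visible; only the entropy heuristic notices it.
PACKED = b"MZ" + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
BENIGN = b"Quarterly report: revenue up 4%, costs flat.\n" * 20

SAMPLES = {"known": KNOWN, "variant": VARIANT, "packed": PACKED, "benign": BENIGN}


def run():
    """Scan every constructed sample and return name -> result."""
    return {name: scan(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:8} hash={result['hash_match']!s:5} patterns={result['pattern_hits']} "
              f"score={result['heuristic_score']} -> {result['verdict']}")
```

The variant shows why hash-only signatures age badly (one byte flipped, no match), the byte pattern still catches it, and the packed sample shows the reverse: no signature can match encrypted content, so only the entropy heuristic flags it, and only as "suspicious", which is what a sandbox or analyst then has to confirm.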

Social Engineering

Common Social Engineering Tactics

  • Phishing: Deceptive emails or websites
  • Spear Phishing: Targeted phishing attacks
  • Dumpster Diving: Searching for discarded information
  • Shoulder Surfing: Observing sensitive information over someone's shoulder
  • Tailgating: Gaining unauthorized access by following someone
  • Impersonation: Pretending to be someone else

Security Policies and Procedures

  • Security Policy: High-level document outlining security guidelines
  • Security Procedure: Specific steps to implement security policies
  • Clean Desk Policy: Protecting sensitive information in the workplace
  • Account Disablement Policy: Deactivating unused accounts
  • Acceptable Use Policy: Defining appropriate use of resources
  • Change Management Policy: Managing system changes
  • Mandatory Vacations: Detecting fraudulent activities
  • Separation of Duties: Preventing conflicts of interest
  • Job Rotation: Enhancing security awareness and cross-training

Incident Response

Incident Response Steps

  1. Isolate and contain the affected systems (block at the network edge or segment them off; avoid powering them down before volatile evidence is collected)
  2. Examine the incident: determine what happened, how the attacker got in and what else was touched
  3. Recover and restore systems from known-good media or backups, after the entry point has been closed
  4. Review and learn from the incident: document the timeline and turn the gaps found into controls

Incident Response Best Practices

  • Order of Volatility: Collect the most volatile evidence first (CPU registers and cache, memory, network state, running processes, then disk, remote logs and archival media), because the earlier items disappear on reboot or simply with time
  • System Image: Take a bit-for-bit copy of the affected system and work on the copy; hash the image so its integrity can be proven later
  • Chain of Custody: A record of who held each piece of evidence, when and why, without gaps, so it remains admissible
  • Record Time Offset: Document the difference between the suspect system's clock and a trusted reference so timestamps from different sources can be correlated
  • Footprint: Minimize the investigator's own changes to the system so evidence is not overwritten
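Three of these practices are mechanical enough to encode. The following is an added example, not code from the original page, that sorts available evidence sources by order of volatility, records and applies a clock offset, and keeps a hash-chained chain-of-custody log bound to the SHA-256 of a system image so that a changed image or an edited log entry fails verification. The image bytes, clock readings and handler names are constructed for illustration.

```python
"""Evidence-handling helpers for incident response (added example)."""
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Order of volatility (as in RFC 3227): most volatile first, so collected first.
ORDER_OF_VOLATILITY = [
    "cpu-registers-and-cache",
    "memory",
    "network-state",
    "running-processes",
    "disk",
    "remote-logs",
    "archival-media",
]


def collection_plan(available):
    """Sort the evidence sources present on a host by volatility.

    Unknown source names raise rather than being silently dropped, so a typo
    in the plan cannot make an evidence source disappear.
    """
    unknown = set(available) - set(ORDER_OF_VOLATILITY)
    if unknown:
        raise ValueError(f"unknown evidence sources: {sorted(unknown)}")
    return sorted(available, key=ORDER_OF_VOLATILITY.index)


def time_offset(system_clock, reference_clock):
    """Record how far the suspect host's clock is from a trusted reference."""
    return system_clock - reference_clock


def to_reference_time(host_timestamp, offset):
    """Convert a timestamp read from the host into reference time."""
    return host_timestamp - offset


class EvidenceRecord:
    """A system image hash plus a tamper-evident chain-of-custody log.

    Each custody entry carries the SHA-256 of the previous entry (the first one
    carries the image hash), so editing or removing an entry breaks
    verification of everything after it.
    """

    def __init__(self, label, image_bytes):
        self.label = label
        self.image_sha256 = hashlib.sha256(image_bytes).hexdigest()
        self.entries = []

    @staticmethod
    def _entry_hash(entry):
        canonical = json.dumps(entry, sort_keys=True).encode()
        return hashlib.sha256(canonical).hexdigest()

    def transfer(self, handler, action, when):
        """Append a custody entry chained to the previous one."""
        prev = self._entry_hash(self.entries[-1]) if self.entries else self.image_sha256
        entry = {"handler": handler, "action": action, "when": when.isoformat(), "prev": prev}
        self.entries.append(entry)
        return entry

    def verify(self, image_bytes):
        """True only if the image is unchanged and the custody chain is intact."""
        if hashlib.sha256(image_bytes).hexdigest() != self.image_sha256:
            return False
        expected_prev = self.image_sha256
        for entry in self.entries:
            if entry["prev"] != expected_prev:
                return False
            expected_prev = self._entry_hash(entry)
        return True


# Constructed image contents (not from a real case).
IMAGE = b"constructed disk image bytes" * 1000


def demo():
    """Walk through offset recording, custody logging and tamper detection."""
    ref = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    host_clock = ref + timedelta(minutes=7)          # host clock runs 7 minutes fast
    offset = time_offset(host_clock, ref)
    host_event = datetime(2024, 3, 1, 11, 52, 0, tzinfo=timezone.utc)  # from host logs
    event_ref = to_reference_time(host_event, offset)

    record = EvidenceRecord("web01-disk", IMAGE)
    record.transfer("analyst-a", "acquired", ref)
    record.transfer("analyst-b", "received for analysis", ref + timedelta(hours=1))
    intact = record.verify(IMAGE)

    # Simulate someone editing the log after the fact.
    record.entries[0]["handler"] = "someone-else"
    tampering_detected = not record.verify(IMAGE)
    return offset, event_ref, intact, tampering_detected


if __name__ == "__main__":
    print(collection_plan(["disk", "memory", "network-state"]))
    offset, event_ref, intact, tampered = demo()
    print(f"offset={offset} event(ref)={event_ref.isoformat()} intact={intact} tamper_detected={tampered}")
```

The hash chain is a minimal stand-in for what a real custody log needs (signatures by each handler, an append-only store); it is enough to show the property that matters, that any later edit to an earlier entry is detectable.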
