CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [116]

or designed to be broken. Honeypot systems are used to gather evidence in an investigation and to study attack strategies.

Know the aspects needed to form an effective incident response. The stages of an incident response are identification, investigation, repair, and documentation. Communication and escalation plans are also part of an effective incident response approach. The process and methods used to respond to incidents should be developed into an incident response plan that can be used as a guideline for all incident response activities.

Know the protocols and components of a wireless system. The backbone of most wireless systems is WAP. WAP can use the WEP protocol to provide security in a wireless environment. WTLS is the security layer of WAP. WAP and TCP/IP perform similarly.

Know the capabilities and limitations of the 802.11x network standards. The current standards for wireless protocols are 802.11, 802.11a, 802.11b, and 802.11g. The 802.11n standard is undergoing review and isn’t yet a formal standard.

Know the vulnerabilities of wireless networks. The primary method of gaining information about a wireless network is a site survey. Site surveys can be accomplished with a PC and an 802.11 card. Wireless networks are subject to the same attacks as wired networks.

Know the capabilities and security issues associated with instant messaging. IM is a rapidly growing interactive communications capability on the Internet. IM is susceptible to sniffing, jamming, and viruses. Never assume that an IM session is confidential. Viruses can be sent using attachments in IM, just as with e-mail. Antivirus software can help filter for known viruses.

Know the limits of the 8.3 naming convention. Early PC systems used a standard naming convention for files called the 8.3 format. This format allowed for only eight characters to be used for the filename and three characters for the file type or extension.

Hands-On Labs

The labs in this chapter are as follows:

Lab 4.1: View the Active TCP and UDP Ports

Lab 4.2: Run Windows Network Monitor

Lab 4.3: Install snort in Linux

Lab 4.4: Make File Extensions Visible in Windows XP

Lab 4.5: Monitor Network Traffic in Linux

Lab 4.1: View the Active TCP and UDP Ports

As an administrator, you should know what ports are active on your server. The following lab will display this information:

1. Go to a command prompt. On a Windows-based server, enter CMD at the Run prompt; on a Linux server, open a command window.

2. Enter the command netstat.

3. Only a few items should appear. Now enter the command netstat -a. The -a parameter tells netstat to display all connections and listening ports.

4. Note the ports that are listed.

5. View the services file (systemroot\system32\drivers\etc\services in Windows or /etc/services in Linux). Although the file is not actively read by the system, this file lists the services and the ports used for the most common network operations.
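A worked version of steps 2 through 5, added here as an example and not code from the study guide: it parses netstat -a style output from either platform and maps every listening port to its name from a services file, so a port with no entry in that file stands out for follow-up. The netstat lines and the services excerpt below are constructed samples (the 31337/tcp listener is made up), not captured from a real host; when the script is run directly on a machine that has netstat and a services file at the path named in step 5, it uses those instead.

```python
"""Map listening ports from `netstat -a` output to names in a services file.

Added example for Lab 4.1; not code from the study guide. The sample data
below is constructed, not captured from a real host.
"""
import os
import shutil
import subprocess

# Constructed lines in the layout of Linux `netstat -a` (first block) and
# Windows `netstat -a` (second block). 31337/tcp is a made-up unknown port.
NETSTAT_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51522          ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

# Constructed excerpt in the layout of /etc/services.
SERVICES_SAMPLE = """\
# service-name  port/protocol  [aliases ...]   # comment
ssh             22/tcp
smtp            25/tcp          mail
ntp             123/udp
epmap           135/tcp         loc-srv
netbios-ns      137/udp
microsoft-ds    445/tcp
"""


def parse_services(text):
    """Return {(port, proto): name} from text in /etc/services layout."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table[(int(port), proto.lower())] = fields[0]
    return table


def parse_netstat(text):
    """Return (proto, local_addr, port, state) for each socket line.

    Accepts the Linux layout (state column LISTEN/ESTABLISHED, none for udp)
    and the Windows layout (LISTENING). Lines whose port netstat resolved to
    a name are skipped; use `netstat -an` to keep ports numeric.
    """
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith(("tcp", "udp")):
            continue
        proto = fields[0].lower()[:3]               # tcp6 -> tcp
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        addr, _, port = local.rpartition(":")       # works for [::]:445 too
        if not port.isdigit():
            continue
        # A trailing address (foreign side) means no state column was printed.
        state = "" if ":" in fields[-1] else fields[-1].upper()
        rows.append((proto, addr, int(port), state))
    return rows


def audit_open_ports(netstat_text, services_text):
    """Return sorted (proto, port, service_name_or_None) for each listening
    TCP socket and each bound UDP socket, deduplicated by port/protocol."""
    services = parse_services(services_text)
    found = {}
    for proto, _addr, port, state in parse_netstat(netstat_text):
        listening = state.startswith("LISTEN") or (proto == "udp" and state == "")
        if listening:
            found[(proto, port)] = services.get((port, proto))
    return sorted((proto, port, name) for (proto, port), name in found.items())


def services_file_path():
    """Services file location on this platform, as given in step 5 of the lab."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "services")
    return "/etc/services"


if __name__ == "__main__":
    netstat_text, services_text = NETSTAT_SAMPLE, SERVICES_SAMPLE
    if shutil.which("netstat") and os.path.exists(services_file_path()):
        netstat_text = subprocess.run(["netstat", "-an"], capture_output=True,
                                      text=True, check=False).stdout
        with open(services_file_path(), encoding="utf-8", errors="replace") as fh:
            services_text = fh.read()
    for proto, port, name in audit_open_ports(netstat_text, services_text):
        print(f"{proto}/{port:<6} {name or 'UNKNOWN - investigate'}")
```

A port with no services entry is not automatically hostile (the file is only a list of well-known assignments, and, as the lab notes, the system does not consult it), but an unexplained listener is exactly what this lab is meant to surface; confirm which process owns it before deciding it is benign.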

Lab 4.2: Run Windows Network Monitor

As an administrator of a Windows-based network, you should be familiar with Network Monitor. The following lab will run you through a sample session with it.

On a Windows-based server, follow these steps:

1. Choose Start > Programs > Administrative Tools > Network Monitor (if it does not appear there, since the location differs with the version of Windows Server you are running, look for Microsoft Network Monitor).

2. Capture traffic data.

3. Go to the Desktop and open Network Neighborhood or My Network Places (depending on the version of Windows Server you’re using).

4. Double-click a domain or workstation that appears in the list (the number that appears depends on your network) and continue to expand the object as deep as you can—shares, files, and so on.

5. Return to Network Monitor and stop the capture.

6. Open the Details window and see how much traffic the browsing operation generated.

Lab 4.3: Install snort in Linux

The de facto standard for intrusion detection in Linux is snort. To install the package on a SuSE server, follow these steps:

1. Log in as root and
