
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [93]

before enabling these technologies on your systems.

Be able to describe the two primary methods used for network monitoring. The primary methods used for network monitoring are sniffers and IDSs. Sniffers are passive and can provide real-time displays of network traffic. They’re intended to be used primarily for troubleshooting purposes, but they’re one of the tools used by attackers to determine what protocols and systems you’re running. IDSs are active devices that operate to alert administrators of attacks and unusual events. This is accomplished by automatically reviewing log files and system traffic and by applying rules that dictate how to react to events. An IDS, when used in conjunction with firewalls, can provide excellent security for a network.

Understand the various types and capabilities of the media used in a network. Network media is wire, fiber, or wireless based. Each type of media presents challenges to security that must be evaluated. Never assume that a wireless connection is secure.

Be able to describe the vulnerabilities of removable media and what steps must be taken to minimize the risks. Removable media are used for backup, archives, and working storage. The capacity and capabilities of these types of devices have increased dramatically over the last few years. Most removable media are small and easily hidden, so physical security measures are necessary to keep someone from walking off with them. In addition, media can be copied to other systems, presenting confidentiality issues. Make sure you know how to safeguard this technology.

Hands-On Labs

The labs in this chapter are as follows:

Lab 3.1: Examine the Windows Routing Table

Lab 3.2: Examine the Linux Routing Table

Lab 3.1: Examine the Windows Routing Table

Routing tables identify the network destination, netmask, gateway, and interface to use as well as the metric associated with it. For this lab, you’ll look for the presence of a routing table on a Windows-based host (XP or 2000/2003):

1. Open a command prompt by choosing Start > Run and enter CMD at the Run prompt.

2. Enter the command route print.

3. If any routing tables exist, active routes are displayed. Carefully look at the display and notice how data is routed between this network and others.

4. In some versions of Windows, the display breaks out the active routes and persistent routes. Persistent routes survive a reboot and are always configured. You can make a route persistent by creating it with the -p parameter.

5. Enter the command route.

Read the help message displayed, and examine the different parameters available for setting and removing routes.

Lab 3.2: Examine the Linux Routing Table


For this lab, you’ll look for the presence of a routing table on a Linux-based host and examine the entries in it:

1. Open a shell prompt.

2. Enter the command route. If you receive a message indicating that the command is not found, use su to become the root user and run the command again.

3. If any routing tables exist, active routes are displayed. Carefully look at the display and notice how data is routed between this network and others.

4. Enter the command route --help.

Read the help message displayed, and examine the different parameters you can use to set and remove routes.
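To show how the entries displayed in step 3 decide where a packet goes, here is an added example (not from the book) that applies longest-netmask matching to a constructed table in `route -n` layout. The addresses, interface names, and the function names `ip_to_int` and `route_lookup` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in `route -n` layout (not captured from a real host).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
10.8.0.0        10.8.0.1        255.255.0.0     UG    50     0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.1.50    192.168.1.254   255.255.255.255 UGH   0      0        0 eth0'

# Convert a dotted quad (a.b.c.d) to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "gateway iface" for the entry that carries traffic to address $1.
# The longest matching netmask wins; the lowest metric breaks ties.
route_lookup() {
    dst=$(ip_to_int "$1")
    best_mask=-1; best_metric=0; best="no route"
    while read -r net gw mask flags metric ref use iface; do
        case $net in [0-9]*) ;; *) continue ;; esac   # skip the header lines
        m=$(ip_to_int "$mask"); n=$(ip_to_int "$net")
        if [ $(( dst & m )) -ne $(( n & m )) ]; then continue; fi
        if [ "$m" -gt "$best_mask" ] ||
           { [ "$m" -eq "$best_mask" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_mask=$m; best_metric=$metric; best="$gw $iface"
        fi
    done <<EOF
$SAMPLE_ROUTES
EOF
    echo "$best"
}

# A gateway of 0.0.0.0 means the destination is on the directly attached network.
for addr in 8.8.8.8 10.8.3.4 192.168.1.77 192.168.1.50; do
    echo "$addr -> $(route_lookup "$addr")"
done
```

When reviewing a real table, an unexpected host route or a more specific network route deserves a second look, because it takes precedence over the default gateway for the addresses it covers.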

Review Questions


1. Which of the following devices is the most capable of providing infrastructure security?

a. Hub

b. Switch

c. Router

d. Modem

2. Upper management has decreed that a firewall must be put in place immediately, before your site suffers an attack similar to one that struck a sister company. Responding to this order, your boss instructs you to implement a packet filter by the end of the week. A packet filter performs which function?

a. Prevents unauthorized packets from entering the network

b. Allows all packets to leave the network

c. Allows all packets to enter the network

d. Eliminates collisions in the network

3. Which device stores information about destinations in a network?

a. Hub

b. Modem

c. Firewall
