Introduction
This WebQuest is geared toward college students interested in Network Security or individuals interested in gaining basic network knowledge or pursuing a Security+ certification.
With advances in Internet technology and the growing trend of connected devices, securing data is becoming more important. It is important not only for individuals to protect the information they have on a network; it is also increasingly important for companies and firms to protect their networks against various threats. Communicating data over a network is an important part of any business, and the increasing demand for connecting devices through the Internet is leading to new vulnerabilities for companies to combat.
Task
The following information will provide you with some basic knowledge of network security. By reading and researching the information provided in this WebQuest you will have the knowledge necessary to answer the evaluation questions. You will also be able to do the following:
– Identify the basic components of the information security cycle
– Identify information security controls
– List common authentication methods
– Identify fundamental security practices
– Differentiate between Vulnerabilities, Attacks, and Intrusions
Process
There are three primary goals or functions involved in good information security practice:
- Prevention
- Detection
- Recovery
CIA Triad
- Confidentiality
- Integrity
- Availability
Vulnerability
A vulnerability is any condition that leaves a system open to an attack.
Vulnerability Examples:
- Improperly configured or installed hardware or software
- Bugs in software or operating systems
- The misuse of software or communication protocols
- Poorly designed network
- Poor physical security
- Insecure passwords
- Design flaws in software or operating systems
Attacks:
Attacks involve the unauthorized exploitation of application vulnerabilities on a computer system.
Attack Examples:
- Physical security attacks
- Network based attacks including wireless networks
- Software based attacks
- Social engineering
- Web application based attacks
Intrusion
An intrusion involves attackers accessing a computer system without authorization.
Intrusion Examples:
- Physical intrusion
- Host-based intrusions (a host-based system monitors and analyzes a system’s internals along with its network packets; that is, host-based intrusion detection looks at the communication traffic and checks the integrity of the system files to keep an eye on suspicious processes)
- Network based intrusions
Intrusion prevention
There are various types of intruders including:
- Casual intruders, who are novices that use various hacking tools and are often referred to as script kiddies (Fitzgerald & Dennis, 2012).
- Expert security intruders called hackers or crackers.
- Professional hackers who attack corporate or government computers for espionage, fraud or other destructive reasons.
- Organization employees that access the network using their authorization to cause damage.
To prevent these types of intrusions it is important to stay proactive by testing systems for vulnerabilities and actively looking to prevent unauthorized access to your network (Fitzgerald & Dennis, 2012). Examples of intrusion prevention include:
- Security policies
- Perimeter security and firewalls
  - Packet level firewalls
  - Application layer firewalls
  - Network address translation (NAT) firewalls
- Physical security
- Server and client protection
- Encryption
  - Single Key
  - Public Key
- Authentication
  - Passwords
  - Access Cards
  - Biometrics
    - Fingerprint scanner
  - Central Authentication
Authentication Methods:
- Something you know
  - a password, phrase
- Something you have
  - a token, access card, ID badge, data packets
- Something you are
  - Biometrics, fingerprint, retinal scanner, hand geometry scanner or voice and facial recognition
Common Security Practices
Implicit Deny
- Everything that is not explicitly allowed is denied.
Least Privilege
- Minimal level of access necessary to perform the duties of the individual's job.
Separation of Duties
- Reduces the amount of power one individual holds by separating their responsibilities.
Job Rotation
- Keep individuals rotated in positions within a firm to ensure that one individual does not hold too much knowledge.
Mandatory Vacation
- Vacations allow time to review employees' activities.
Time of Day Restriction
- Restricts employee access to the system during certain times of the day; it can be applied through group policies.
Privilege management
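An added example, not part of the original WebQuest: a minimal access check in Python that applies implicit deny, least privilege and time-of-day restriction from the list above. The roles, resources, rules and log entries are constructed for illustration.

```python
from datetime import time

# Constructed sample policy: (role, action, resource, window start, window end).
# Every rule is an explicit allow; there are no deny rules, so a request that
# matches nothing is refused (implicit deny).
ALLOW_RULES = [
    ("payroll_clerk", "read", "payroll_db", time(8, 0), time(18, 0)),
    ("payroll_clerk", "write", "payroll_db", time(8, 0), time(18, 0)),
    ("auditor", "read", "payroll_db", time(0, 0), time(23, 59, 59)),
    ("night_operator", "read", "backup_log", time(22, 0), time(6, 0)),  # crosses midnight
]


def in_window(now, start, end):
    """True if `now` falls in [start, end], including windows that cross midnight."""
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end


def is_allowed(role, action, resource, now):
    """Return (decision, reason); access is granted only by an explicit rule."""
    outside_hours = False
    for r_role, r_action, r_resource, start, end in ALLOW_RULES:
        if (r_role, r_action, r_resource) != (role, action, resource):
            continue
        if in_window(now, start, end):
            return True, "explicit allow"
        outside_hours = True  # the privilege exists, but not at this time of day
    if outside_hours:
        return False, "time-of-day restriction"
    return False, "implicit deny"


def unused_rules(access_log):
    """Rules never exercised in the log: candidates for removal under least privilege."""
    used = {(role, action, resource) for role, action, resource, _ in access_log}
    return [rule[:3] for rule in ALLOW_RULES if rule[:3] not in used]


# Constructed access log: (role, action, resource, time of request).
SAMPLE_LOG = [
    ("payroll_clerk", "read", "payroll_db", time(9, 0)),
    ("auditor", "read", "payroll_db", time(3, 0)),
]
```

The auditor role holds only the read permission its job needs, so a write request from it falls through to implicit deny rather than being blocked by a dedicated rule.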
Evaluation
To be evaluated on this WebQuest, successfully answer the following questions based on what you learned in the process section. The questions are from the Security+ 301 study guide.
Questions:
1. Which of the following is the basic premise of least privilege?
A. Always assign responsibilities to the administrator who has the minimum permissions required.
B. When assigning permissions, give users only the permissions they need to do their work and no more.
C. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing.
D. Do not give management more permissions than users.
2. The three most fundamental goals of computer security are: (Select all that apply.)
a) Confidentiality
b) Auditing
c) Integrity
d) Privilege management
e) Availability
3. To access the server room, Brian places his index finger on a fingerprint reader. This is an example of:
a) Password authentication.
b) Token-based authentication.
c) Biometric authentication.
d) Multi-factor authentication.
4. A biometric handprint scanner is used as part of a system for granting access to a facility. Once an identity is verified, the system checks and confirms that the user is allowed to leave the lobby and enter the facility, and the electronic door lock is released. This is an example of which of the Four As? (Select all that apply.)
a) Authentication
b) Authorization
c) Access control
d) Auditing
5. What are applicable forms of vulnerabilities? (Select all that apply.)
a) Improperly configured software
b) Misuse of communication protocols
c) Damage to hardware
d) Lengthy passwords with a mix of characters
6. Matching
7. Matching
Conclusion
Securing data at home and at the office is becoming increasingly important with the advances in Internet communications. The WebQuest provided a basic understanding of vulnerabilities and intrusion protection, as well as some common security practices used in the workplace. This information will assist with understanding and combating basic network security threats and vulnerabilities.
Credits
References:
CompTIA. (2011). CompTIA security+ (Exam SY0-301). Element K. Corporation. Rochester, NY.
Fitzgerald, J., Dennis, A., Durcikova, A. (2012). Business data communications & networking. Hoboken, NJ: John Wiley & Sons, Inc.
Image References:
Armeda, D. (2010). The mission of security awareness. Retrieved from http://blog.sucuri.net/2010/06/the-mission-of-security-awareness.html
Cyber. (n.d.) Viewing gallery for cyber security banner. Retrieved from http://galleryhip.com/cyber-security-banner.html
Entrust. (2013). Are biometrics the answer. Retrieved from http://www.entrust.com/biometrics-answer/
Lockheed Martin. (n.d.). Biometrics. Retrieved from http://www.lockheedmartin.com/us/what-we-do/information-technology/biometrics.html
O’Brien, R. (2013). Passwords: no longer fit for purpose? Retrieved from http://www.theguardian.com/media-network/media-network-blog/2013/oct/17/password-security-biometrics-apple-google
Teacher Page
Evaluation Answers